Police called over pizza hack

Private information including passwords, email and home addresses, phone numbers - plus pizza orders - have fallen into the hands of the anonymous cyber hackers. Photo / Martin Sykes

The personal details of several Kiwi celebrities have been released by hackers as proof they have cracked Hell Pizza's customer database.

Private information including passwords, email and home addresses, phone numbers - plus pizza orders - have fallen into the hands of the anonymous cyber hackers.

Hell have called in police and it has raised fears that they could access the personal details of hundreds of thousands of New Zealanders.

The company warned its 230,000 customers to change their internet passwords in an email on Friday night.

Prominent Kiwis caught in the sting include DJ Mike Puru, Target presenter Brooke Howard-Smith, comedian Dai Henwood, entrepreneur Seeby Woodhouse and former Green Party MP Nandor Tanczos.

Puru said he was shocked to hear his information had been hacked. "It does scare me to think how easy it is to get that information. I can confirm I do like chicken tenders."

Tanczos appears to like lemon pepper wedges and vegan pizzas. "I am not too worried about people knowing my taste in pizza but the other information concerns me. Once someone can get into your email it is easy to rip off a wider network of people."

But Henwood, who enjoys a side of kumara wedges or garlic bread, said he wasn't overly concerned.

"My Twitter has been hacked, my Facebook has been hacked and I'm pretty sure half of New Zealand has my phone number already. I have nothing bad to say about Hell."

Hell Pizza director Warren Powell said it was a massive concern for the company, who had still failed to locate the source of the breach.

He said: "We are honestly taking this very seriously. The last thing we have wanted to do is inconvenience our customers. We take customers' personal details bloody seriously and we spend a lot of money on security.

"We have been working 24/7 on this for some time and have not found a breach."

Powell said he suspected a former "rogue employee" might be to blame.

Hell Pizza learned of the security breach after Australian journalist, Patrick Gray, informed them he had been given personal details by another party.

"Security was so bad it's obvious to anyone running security test software," Gray told the Herald on Sunday.

He said that the people responsible were "whistleblowers" who were trying to expose security faults. He said the people who contacted him warned Hell Pizza last year and were ignored.

"Spammers have this list already. They have 230,000 valid emails from New Zealand."

Executive director Martin Cocker from NetSafe said if Hell Pizza has been breached it was embarrassing for them not to know. However, he said it was good Hell Pizza had warned customers as there was no legal obligation to do so.

"Many businesses could be in the same situation as Hell Pizza right now but we wouldn't know it."

Industry people have been lobbying to introduce mandatory reporting if personal information has been released.