
Hi, no, I assume that the breach happened in the last 3 years, and before they implemented SSL. I have noticed that http://www.pizzahut.com.au/members/login is still a valid page, inaccessible via SSL, but haven't checked if logging in on that page actually works.

I noticed that they've also implemented a password reset email, instead of their previous practice of just emailing you the password. Hopefully this means that they are no longer keeping unhashed passwords on the system.

It seems that they realised they weren't doing things correctly in the last 6 months (maybe a bit longer, not 100% sure) and have taken steps to rectify this. This may be due to a discovered security breach, but may just be a change in their internal IT policy. Hopefully they're now following best practices!


