• McDonald's delivery customers put at risk by possible data breach

    From TechnologyDaily@1337:1/100 to All on Monday, December 23, 2024 11:30:05
    McDonald's delivery customers put at risk by possible data breach

    Date:
    Mon, 23 Dec 2024 11:20:00 +0000

    Description:
    Delivery system for McDonald's in India had a worrying bug, but luckily,
    threat actors didn't find it.

    FULL STORY
    ======================================================================
    - A researcher found a flaw in a McDonald's API which allowed them to hijack orders
    - The bug also leaked sensitive information
    - It was fixed in September 2024, but users should still be careful

    A delivery system for McDonald's in India was flawed in a way that exposed sensitive customer information and allowed people to make fraudulent
    orders, experts have claimed.

    Cybersecurity researcher Eaton Zveare from Traceable AI found a bug in the API of the delivery system in McDonald's India (West & South).

    The delivery system, which is apparently owned by a company called Hardcastle Restaurants, had a vulnerability which exposed delivery customer names, email addresses, and phone numbers. For the drivers, it exposed vehicle numbers and profile pictures, and allowed tracking of the real-time location of their deliveries.
    Besides, the bug allowed people to access, hijack, redirect, or track orders in real time. They could also make orders for as little as $0.01.

    No data breach recorded

    Zveare found the vulnerabilities in June 2024, and McDonald's fixed them in September. Allegedly, no threat actors stumbled upon this bug, and no customers were actually exposed.

    McDonald's India said a thorough verification of systems and logs showed the flaws did not result in a breach of its customer data.

    "We conduct regular audits and assessments to continuously strengthen our security measures, and have all the necessary enhancements implemented, ensuring all our systems are up to date and secure," Sulakshna Mukherjee, a spokesperson at McDonald's India (West & South), said in a statement emailed
    to TechCrunch.

    While we don't know exactly how many people were put at risk through the bug, TechCrunch was told hundreds of millions of orders were exposed.

    "The McDelivery (West & South) mobile app uses the same exact back-end APIs as the website. As a result, both were vulnerable to the same exploits," the researcher told the publication.

    Since the delivery system for India North & East is different, these parts of the country were not affected, and other countries are safe, too.



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/mcdonalds-delivery-customers-put-at-risk-by-possible-data-breach


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)