Image Credits: Jagmeet Singh / TechCrunch
A major McDonald’s delivery system in India exposed the personal information of its customers and drivers due to several simple security flaws, TechCrunch has exclusively learned.
The flaws, discovered by Traceable AI security researcher Eaton Zveare, were found in the APIs of the delivery system associated with McDonald’s India (West & South), which is owned by Hardcastle Restaurants.
Zveare exclusively told TechCrunch that bugs in the company’s delivery system, McDelivery, meant anyone could access, hijack, redirect, or track orders in real time, or make legitimate orders for $0.01, by interacting with the company’s API, which apps and websites use for placing and tracking orders. This is because the API wasn’t properly checking that the person making a request was allowed to make it. The bugs also allowed access to invoices and provided the ability to submit feedback for customer orders.
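The missing check described above is an object-level authorization test: every request that names an order must come from an authenticated caller who owns that order. The sketch below is an added example, not McDelivery's code; the order schema, action names and log records are constructed for illustration. It applies the check and replays a request log to list callers who reached for orders they did not own.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample data: order id -> owning customer id (hypothetical schema).
ORDER_OWNER = {"1001": "cust-a", "1002": "cust-b", "1003": "cust-c"}

# Hypothetical action names for the operations the article lists.
OWNER_ACTIONS = {"view", "track", "redirect", "invoice", "feedback"}

@dataclass(frozen=True)
class Request:
    caller: Optional[str]  # authenticated customer id, None if no session
    action: str
    order_id: str

def authorize(req, owners=ORDER_OWNER):
    """Allow the request only if the caller is authenticated and owns the order."""
    if req.caller is None:
        return False, "unauthenticated"
    owner = owners.get(req.order_id)
    if owner is None:
        return False, "unknown order"
    if req.action not in OWNER_ACTIONS:
        return False, "unknown action"
    if owner != req.caller:
        return False, "not owner"
    return True, "ok"

def audit(log, owners=ORDER_OWNER, threshold=2):
    """Replay logged requests and report callers denied on at least
    `threshold` distinct orders, a sign of order-id enumeration."""
    denied = {}
    for req in log:
        allowed, _ = authorize(req, owners)
        if not allowed:
            denied.setdefault(req.caller or "anonymous", set()).add(req.order_id)
    return {c: sorted(ids) for c, ids in denied.items() if len(ids) >= threshold}

# Constructed log records: cust-a reads its own order, then two that belong to others.
LOG = [
    Request("cust-a", "view", "1001"),
    Request("cust-a", "track", "1002"),
    Request("cust-a", "invoice", "1003"),
    Request("cust-b", "feedback", "1002"),
    Request(None, "view", "1001"),
]

if __name__ == "__main__":
    print(audit(LOG))
```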
The security flaws exposed the full names, email addresses, and phone numbers of McDonald’s India (West & South) customers, and exposed access to the vehicle numbers, profile photos, and real-time location of the restaurant chain’s drivers delivering orders.
According to a since-published blog post, Zveare found the vulnerabilities and reported them to the restaurant chain in July. They were fixed in late September, per the researcher.
McDonald’s India told TechCrunch that a “thorough substantiation of systems and logs” showed the flaws did not result in a breach of its customer data.
“We direct regular audits and assessments to continuously strengthen our security measures, and have all the necessary enhancements implemented, ensuring all our systems are up to date and secure,” Sulakshna Mukherjee, a spokesperson at McDonald’s India (West & South), said in a statement emailed to TechCrunch.
McDonald’s India did not disclose the number of customers whose information may have been exposed by the bugs. However, the researcher told TechCrunch that the flaws exposed access to hundreds of millions of orders.
“The McDelivery (West & South) mobile app uses the same exact back-end APIs as the website. As a consequence, both were vulnerable to the same exploits,” the researcher told TechCrunch.
This is not the first time McDonald’s India has exposed its customers’ sensitive data. In 2017, the delivery app of McDonald’s India (West & South) leaked the personal information of about 2.2 million customers.