Search icon
Download the all-new Republic app:

Published 12:02 IST, December 20th 2024

McDonald's India Claims It Fixed Bugs That Exposed User Data

A bug in McDonald India's delivery system exposed data including their names and phone numbers, of its users in the country. The bug has been fixed now.

Reported by: Tech Desk
McDonald's | Image: Pixabay

McDonald's India user data exposed: A major bug in McDonald India's delivery system exposed data of thousands of customers and delivery partners in the country. The exposed data includes details such as names, phone numbers and email addresses to name a few.

According to a report by TechCrunch, a security researcher called Eaton Zveare found a major bug in the APIs of McDonald's India (West and South) delivery system, which could let anyone access, redirect and track orders in real-time. In addition to this, the bug could also let a hacker place legitimate orders for $0.01 or Rs 0.85 simply by tweaking the company's API that is used by the McDonald's India website, the company's mobile apps and other online delivery platforms in the country. In addition to this, the bug in the API also let anyone get access to invoices and submit feedback for customer orders.

More importantly, the bug in McDonald India's API exposed the full names, email address, and phone numbers of the customers, and vehicle numbers, profile pictures and real-time tracking information of the restaurant chain's delivery partners delivering orders in real-time.

While the exact number of customers and delivery partners affected by this bug remains unclear, the report says that the vulnerability exposed information pertaining to hundreds of millions of orders.

The good news is that the bug that was discovered in July was fixed by the company in late September.

McDonald's India, in a statement to the publication, confirmed the issue while assuring that an internal analysis showed that the bug had not led to a breach of its customer data.

It is worth noting that this is not the first time that the user data of McDonald's India (West and South) has been exposed online. Back in 2017, a bug in the McDonald's India delivery app exposed the personal information, including names, home addresses, phone numbers and email addresses, of its 2.2 million customers in the country. At the time, the company had fixed the bug in the app and urged its customers to install the updated app to prevent their data from getting exposed.

 

Updated 12:02 IST, December 20th 2024

LIVE TV

Republic TV is India's no.1 English news channel since its launch.