McDonald’s App Leaks Details of 2.2 Million Customers

A vulnerable application used by millions of McDonald’s customers in India was recently found to leak personal information of its users.

Dubbed McDelivery, the web application was found to be leaking the personal information of over 2.2 million users. According to Fallible, the software security startup that discovered the bug, user data such as names, email addresses, phone numbers, home addresses, home co-ordinates, and social profile links were leaked by the application.

The issue, they reveal, resides in an unprotected publicly accessible API endpoint that was designed to deliver user details, which is coupled with serially enumerable integers as customer IDs. The pair can be used to pull the personal information pertaining to all of the application’s users. …

Source: McDonald’s App Leaks Details of 2.2 Million Customers


Leave a Reply