Published: Mon, March 20, 2017
Electronics | By Jesus Weaver

McDonalds India Leaking 2.2 million User Data?

McDonalds India Leaking 2.2 million User Data?

McDonald's India urged users to update online ordering app McDelivery on their devices as a precaution, amid reports that the existing app may have exposed users' personal data.

McDonalds India gave the usual "value your privacy" explanation and told media outlets financial data like credit card numbers wasn't exposed - which means only sufficient data to mount a workable identity theft attack was leaked.

It added that it had contacted the McDelivery app, but that the issue had not been resolved.

McDonald reacted with, "Our site and application don't store any delicate monetary information of clients like Credit card subtle elements, wallet passwords or financial balance data".

The information was revealed by Hackernoon a hacker blog which claims that the app is bleeding customer data that includes customer names, email addresses, phone numbers, accurate home addresses, coordinates and social profile links. The website and app has always been safe to use, and we update security measure on regular basis.

McDonald's India app McDelivery had leaked personal information of its customers for an unspecified duration of time, Cyber security firm Fallible reported on Saturday. However, the security firm pointed out that the issue was not fixed until it reported the issue on 18 March on Medium.

"We are pleasantly surprised when we find Indian companies without a personal or payment data leak vulnerability", it said.

IBTimes UK has reached out to McDonald's for more clarity on the matter and are awaiting a response.

Fallible claims that "an unprotected publicly accessible API endpoint for getting user details coupled with serially enumerable integers as customer IDs can be used to obtain access to all users personal information".

McDonald's did not immediately comment over the weekend. It's unclear if anyone else knew about the leak and if they were able to exploit it to download data of all McDonald's India (West & South) customers.

Like this: