McDonald's India app may have leaked personal info of 2.2M users

McDonald's India App Leaked Customer Data Millions Said to Be Impacted

A new report published by security firm Fallible has ascertained that the McDonald's India app left some of its security safeguards vulnerable, allowing third party sources to easily gather customer information.

The company's mobile app reportedly encountered a major security issue which saw user details including names, emails, phone numbers and addresses all made freely available.

"The fast food giant tweeted a statement on Sunday (18 March) and said, ".our website and app does not store any sensitive financial data of the users like credit card details, wallets passwords or bank account information".

The company told the Times of India, "The website and app have always been safe to use and we update security measures on a regular basis".

The information comes from a security research startup from Bengaluru called Fallible which claims that it contacted McDelivery on 7 February and even received acknowledgement about the loophole from Senior IT Managment on 13 February.

The McDelivery app is operated by Westlife Development which oversees McDonald's restaurants in south and west India.

"An unprotected publicly accessible API endpoint for getting user details coupled with serially enumerable integers as customer IDs can be used to obtain access to all users personal information". The company's blog reported, "The McDonald's fix is incomplete and the endpoint is still leaking data".

McDonald's did not immediately comment over the weekend. "We have communicated this again to them and are waiting for their response". This was after the technology blog hackernoon reported on Saturday that the app was found to be "leaking" user data for more than 2.2 million users.

The company, reports pointed out, had not denied that personal information was being leaked.

India often suffers from poor data protection and privacy laws, meaning online sites, apps and services are often much more poorly protected than in the UK.



Other news