Photo by Tricia Lott Williford
Cybersecurity film Fallible reported a failure and breach of user information in Mcdonald's India delivery app McDelivery on Saturday. Apart from the names of more than 2.2 million users, phone numbers, email and home addresses, and social media profiles, were leaked.
“An unprotected publicly accessible API endpoint for getting user details coupled with serially enumerable integers as customer IDs can be used to obtain access to all users personal information," noted Fallible in a post published on their blog.
McDonald's has recommended that its customers update the McDelivery app on all of their devices. The company has since denied any breach of data had occurred, ensuring its customers of the security in its delivery app.
In India, McDonald's as two separate entities - McDonald's India North & East, and Mcdonald's India West & South, which runs both the app and the website. Customers from the prior wing remain unaffected by the information leak.
“Our website and app do not store any sensitive financial data of users like credit card details, wallet passwords or bank account information," Mcdonald's responded, "as a precautionary measure, we would urge our users to update the McDelivery app on their devices.”