McDonald's 2017 India Leak - Revision history

Sojourna: /* The Hack */

2026-04-04T03:01:21Z

The Hack

← Older revision		Revision as of 03:01, 4 April 2026
Line 12:		Line 12:
	==The Hack==		==The Hack==
	On February 7, 2017, Fallible first notified McDonald's of a security vulnerability with McDelivery service, receiving acknowledgement from the McDelivery IT Manager on February 13, however no further response were made from McDonald's, resulting in Fallible announcing the leak to the public on March 18. <ref>{{Cite web \|date=2017-03-17 \|title=McDonalds India is leaking 2.2 million users data \|url=https://hackernoon.com/mcdonalds-india-is-leaking-2-2-million-users-data-d5758b2eb3f8 \|url-status=live \|access-date=2026-02-05 \|website=Hackernoon \|archive-url=http://web.archive.org/web/20250821162041/https://hackernoon.com/mcdonalds-india-is-leaking-2-2-million-users-data-d5758b2eb3f8 \|archive-date=21 Aug 2025}}</ref> It was reported that 2.2 million customers were affected, <ref name=":0" /> <ref name=":1">{{Cite web \|last=Arghire \|first=Ionut \|date=2017-03-20 \|title=McDonald’s App Leaks Details of 2.2 Million Customers \|url=https://www.securityweek.com/mcdonalds-app-leaks-details-22-million-customers/ \|url-status=live \|access-date=2026-02-13 \|website=Security Week \|archive-url=http://web.archive.org/web/20251206202836/https://www.securityweek.com/mcdonalds-app-leaks-details-22-million-customers/ \|archive-date=6 Dec 2025}}</ref> leaking customers info that included phone numbers, addresses, names, email IDs and home address.<ref name=":1" />		On February 7, 2017, Fallible first notified McDonald's of a security vulnerability with McDelivery service, receiving acknowledgement from the McDelivery IT Manager on February 13, however no further response were made from McDonald's, resulting in Fallible announcing the leak to the public on March 18. <ref>{{Cite web \|date=2017-03-17 \|title=McDonalds India is leaking 2.2 million users data \|url=https://hackernoon.com/mcdonalds-india-is-leaking-2-2-million-users-data-d5758b2eb3f8 \|url-status=live \|access-date=2026-02-05 \|website=Hackernoon \|archive-url=http://web.archive.org/web/20250821162041/https://hackernoon.com/mcdonalds-india-is-leaking-2-2-million-users-data-d5758b2eb3f8 \|archive-date=21 Aug 2025}}</ref> It was reported that 2.2 million customers were affected, <ref name=":0" /> <ref name=":1">{{Cite web \|last=Arghire \|first=Ionut \|date=2017-03-20 \|title=McDonald’s App Leaks Details of 2.2 Million Customers \|url=https://www.securityweek.com/mcdonalds-app-leaks-details-22-million-customers/ \|url-status=live \|access-date=2026-02-13 \|website=Security Week \|archive-url=http://web.archive.org/web/20251206202836/https://www.securityweek.com/mcdonalds-app-leaks-details-22-million-customers/ \|archive-date=6 Dec 2025}}</ref> leaking customers info that included phone numbers, addresses, names, email IDs and home address.<ref name=":1" />
	[[File:2017 ~~McDonalds~~ India ~~Leak Screenshot~~.png\|alt=2017 McDonald's India Personal leaked Info Showcase\|thumb\|Personal leaked Info Showcase]]		[[File:2017 McDonald's India leak screenshot.png\|alt=2017 McDonald's India Personal leaked Info Showcase\|thumb\|Personal leaked Info Showcase]]
	[[File:McDonald's India Official Statement on Facebook.png\|alt=McDonald's India Official Statement on Facebook\|thumb\|Official Statement on Facebook]]		[[File:McDonald's India Official Statement on Facebook.png\|alt=McDonald's India Official Statement on Facebook\|thumb\|Official Statement on Facebook]]
	After public disclosure, Fallible shared their frustration with the company, responding with; <blockquote>''"We have always respected a company’s request if they wanted more time to fix any issue but sadly they stopped responding after 4 weeks which led to us warning users that their data is out in the open. In fact, the ‘fix’ applied right now is incomplete and the vulnerability exists even now and we have intimated the same to the concerned company.”'' <ref name=":1" /></blockquote>		After public disclosure, Fallible shared their frustration with the company, responding with; <blockquote>''"We have always respected a company’s request if they wanted more time to fix any issue but sadly they stopped responding after 4 weeks which led to us warning users that their data is out in the open. In fact, the ‘fix’ applied right now is incomplete and the vulnerability exists even now and we have intimated the same to the concerned company.”'' <ref name=":1" /></blockquote>

Mr Pollo at 15:40, 6 March 2026

2026-03-06T15:40:43Z

← Older revision		Revision as of 15:40, 6 March 2026
Line 23:		Line 23:
	==References==		==References==
	{{reflist}}		{{reflist}}
			[[Category:2017 incidents]]
	[[Category:McDonald's]]		[[Category:McDonald's]]

JakeL at 00:07, 1 March 2026

2026-03-01T00:07:20Z

← Older revision		Revision as of 00:07, 1 March 2026
Line 7:		Line 7:
	\|ArticleType=Service		\|ArticleType=Service
	\|Type=Privacy, Security		\|Type=Privacy, Security
	\|Description=:)		\|Description=
	}}A cyber security firm named Fallible, announced to the media of a McDelivery leak that leaked over 2.2 million customers private information after numerous attempts to urge [[McDonald's]] to patch the issue over the span of 4 weeks. <ref name=":0">{{Cite web \|last=Goud \|first=Naveen \|date=2017-03-20 \|title=Cyber Attack on McDonald’s app leaks info of 2.2 million users \|url=https://www.cybersecurity-insiders.com/cyber-attack-on-mcdonalds-app-leaks-info-of-2-2-million-users/ \|url-status=live \|access-date=2026-02-13 \|website=Cybersecurity Insiders \|archive-url=http://web.archive.org/web/20250616142010/https://www.cybersecurity-insiders.com/cyber-attack-on-mcdonalds-app-leaks-info-of-2-2-million-users/ \|archive-date=16 Jun 2025}}</ref> The company issue an statement and a patch, however it was not implemented correctly and would be fixed at a later date.		}}A cyber security firm named Fallible, announced to the media of a McDelivery leak that leaked over 2.2 million customers private information after numerous attempts to urge [[McDonald's]] to patch the issue over the span of 4 weeks. <ref name=":0">{{Cite web \|last=Goud \|first=Naveen \|date=2017-03-20 \|title=Cyber Attack on McDonald’s app leaks info of 2.2 million users \|url=https://www.cybersecurity-insiders.com/cyber-attack-on-mcdonalds-app-leaks-info-of-2-2-million-users/ \|url-status=live \|access-date=2026-02-13 \|website=Cybersecurity Insiders \|archive-url=http://web.archive.org/web/20250616142010/https://www.cybersecurity-insiders.com/cyber-attack-on-mcdonalds-app-leaks-info-of-2-2-million-users/ \|archive-date=16 Jun 2025}}</ref> The company issue an statement and a patch, however it was not implemented correctly and would be fixed at a later date.

Big Mac: Adding Category:McDonald's

2026-02-25T05:52:22Z

Adding Category:McDonald's

← Older revision		Revision as of 05:52, 25 February 2026
Line 23:		Line 23:
	==References==		==References==
	{{reflist}}		{{reflist}}

			[[Category:McDonald's]]

Bananabot: Added archive URLs for 3 citation(s) using CRWCitationBot

2026-02-23T06:08:29Z

Added archive URLs for 3 citation(s) using CRWCitationBot

← Older revision		Revision as of 06:08, 23 February 2026
Line 8:		Line 8:
	\|Type=Privacy, Security		\|Type=Privacy, Security
	\|Description=:)		\|Description=:)
	}}A cyber security firm named Fallible, announced to the media of a McDelivery leak that leaked over 2.2 million customers private information after numerous attempts to urge [[McDonald's]] to patch the issue over the span of 4 weeks. <ref name=":0">{{Cite web \|last=Goud \|first=Naveen \|date=2017-03-20 \|title=Cyber Attack on McDonald’s app leaks info of 2.2 million users \|url=https://www.cybersecurity-insiders.com/cyber-attack-on-mcdonalds-app-leaks-info-of-2-2-million-users/ \|url-status=live \|access-date=2026-02-13 \|website=Cybersecurity Insiders}}</ref> The company issue an statement and a patch, however it was not implemented correctly and would be fixed at a later date.		}}A cyber security firm named Fallible, announced to the media of a McDelivery leak that leaked over 2.2 million customers private information after numerous attempts to urge [[McDonald's]] to patch the issue over the span of 4 weeks. <ref name=":0">{{Cite web \|last=Goud \|first=Naveen \|date=2017-03-20 \|title=Cyber Attack on McDonald’s app leaks info of 2.2 million users \|url=https://www.cybersecurity-insiders.com/cyber-attack-on-mcdonalds-app-leaks-info-of-2-2-million-users/ \|url-status=live \|access-date=2026-02-13 \|website=Cybersecurity Insiders \|archive-url=http://web.archive.org/web/20250616142010/https://www.cybersecurity-insiders.com/cyber-attack-on-mcdonalds-app-leaks-info-of-2-2-million-users/ \|archive-date=16 Jun 2025}}</ref> The company issue an statement and a patch, however it was not implemented correctly and would be fixed at a later date.

	==The Hack==		==The Hack==
	On February 7, 2017, Fallible first notified McDonald's of a security vulnerability with McDelivery service, receiving acknowledgement from the McDelivery IT Manager on February 13, however no further response were made from McDonald's, resulting in Fallible announcing the leak to the public on March 18. <ref>{{Cite web \|date=2017-03-17 \|title=McDonalds India is leaking 2.2 million users data \|url=https://hackernoon.com/mcdonalds-india-is-leaking-2-2-million-users-data-d5758b2eb3f8 \|url-status=live \|access-date=2026-02-05 \|website=Hackernoon}}</ref> It was reported that 2.2 million customers were affected, <ref name=":0" /> <ref name=":1">{{Cite web \|last=Arghire \|first=Ionut \|date=2017-03-20 \|title=McDonald’s App Leaks Details of 2.2 Million Customers \|url=https://www.securityweek.com/mcdonalds-app-leaks-details-22-million-customers/ \|url-status=live \|access-date=2026-02-13 \|website=Security Week}}</ref> leaking customers info that included phone numbers, addresses, names, email IDs and home address.<ref name=":1" />		On February 7, 2017, Fallible first notified McDonald's of a security vulnerability with McDelivery service, receiving acknowledgement from the McDelivery IT Manager on February 13, however no further response were made from McDonald's, resulting in Fallible announcing the leak to the public on March 18. <ref>{{Cite web \|date=2017-03-17 \|title=McDonalds India is leaking 2.2 million users data \|url=https://hackernoon.com/mcdonalds-india-is-leaking-2-2-million-users-data-d5758b2eb3f8 \|url-status=live \|access-date=2026-02-05 \|website=Hackernoon \|archive-url=http://web.archive.org/web/20250821162041/https://hackernoon.com/mcdonalds-india-is-leaking-2-2-million-users-data-d5758b2eb3f8 \|archive-date=21 Aug 2025}}</ref> It was reported that 2.2 million customers were affected, <ref name=":0" /> <ref name=":1">{{Cite web \|last=Arghire \|first=Ionut \|date=2017-03-20 \|title=McDonald’s App Leaks Details of 2.2 Million Customers \|url=https://www.securityweek.com/mcdonalds-app-leaks-details-22-million-customers/ \|url-status=live \|access-date=2026-02-13 \|website=Security Week \|archive-url=http://web.archive.org/web/20251206202836/https://www.securityweek.com/mcdonalds-app-leaks-details-22-million-customers/ \|archive-date=6 Dec 2025}}</ref> leaking customers info that included phone numbers, addresses, names, email IDs and home address.<ref name=":1" />
	[[File:2017 McDonalds India Leak Screenshot.png\|alt=2017 McDonald's India Personal leaked Info Showcase\|thumb\|Personal leaked Info Showcase]]		[[File:2017 McDonalds India Leak Screenshot.png\|alt=2017 McDonald's India Personal leaked Info Showcase\|thumb\|Personal leaked Info Showcase]]
	[[File:McDonald's India Official Statement on Facebook.png\|alt=McDonald's India Official Statement on Facebook\|thumb\|Official Statement on Facebook]]		[[File:McDonald's India Official Statement on Facebook.png\|alt=McDonald's India Official Statement on Facebook\|thumb\|Official Statement on Facebook]]

SquidthePlummer: got fries and cooked them on the grill (sources, info, images, quotes, blah blah blah, 6-7. will add sources later and fix various sentences and grammar issues

2026-02-14T04:51:43Z

got fries and cooked them on the grill (sources, info, images, quotes, blah blah blah, 6-7. will add sources later and fix various sentences and grammar issues

← Older revision		Revision as of 04:51, 14 February 2026
Line 8:		Line 8:
	\|Type=Privacy, Security		\|Type=Privacy, Security
	\|Description=:)		\|Description=:)
	}}		}}A cyber security firm named Fallible, announced to the media of a McDelivery leak that leaked over 2.2 million customers private information after numerous attempts to urge [[McDonald's]] to patch the issue over the span of 4 weeks. <ref name=":0">{{Cite web \|last=Goud \|first=Naveen \|date=2017-03-20 \|title=Cyber Attack on McDonald’s app leaks info of 2.2 million users \|url=https://www.cybersecurity-insiders.com/cyber-attack-on-mcdonalds-app-leaks-info-of-2-2-million-users/ \|url-status=live \|access-date=2026-02-13 \|website=Cybersecurity Insiders}}</ref> The company issue an statement and a patch, however it was not implemented correctly and would be fixed at a later date.
	{{Ph-I-~~Int}}~~
	==~~Background~~==
	~~{{Ph~~-I-B}}

	==~~[Incident]~~==		==The Hack==
	{{Ph-I-I}}		On February 7, 2017, Fallible first notified McDonald's of a security vulnerability with McDelivery service, receiving acknowledgement from the McDelivery IT Manager on February 13, however no further response were made from McDonald's, resulting in Fallible announcing the leak to the public on March 18. <ref>{{Cite web \|date=2017-03-17 \|title=McDonalds India is leaking 2.2 million users data \|url=https://hackernoon.com/mcdonalds-india-is-leaking-2-2-million-users-data-d5758b2eb3f8 \|url-status=live \|access-date=2026-02-05 \|website=Hackernoon}}</ref> It was reported that 2.2 million customers were affected, <ref name=":0" /> <ref name=":1">{{Cite web \|last=Arghire \|first=Ionut \|date=2017-03-20 \|title=McDonald’s App Leaks Details of 2.2 Million Customers \|url=https://www.securityweek.com/mcdonalds-app-leaks-details-22-million-customers/ \|url-status=live \|access-date=2026-02-13 \|website=Security Week}}</ref> leaking customers info that included phone numbers, addresses, names, email IDs and home address.<ref name=":1" />
			[[File:2017 McDonalds India Leak Screenshot.png\|alt=2017 McDonald's India Personal leaked Info Showcase\|thumb\|Personal leaked Info Showcase]]
			[[File:McDonald's India Official Statement on Facebook.png\|alt=McDonald's India Official Statement on Facebook\|thumb\|Official Statement on Facebook]]
			After public disclosure, Fallible shared their frustration with the company, responding with; <blockquote>''"We have always respected a company’s request if they wanted more time to fix any issue but sadly they stopped responding after 4 weeks which led to us warning users that their data is out in the open. In fact, the ‘fix’ applied right now is incomplete and the vulnerability exists even now and we have intimated the same to the concerned company.”'' <ref name=":1" /></blockquote>

	===~~[Company]~~'s ~~response===~~		== Aftermath ==
	~~{{Ph-I-ComR}}~~		The same day as the announcement, McDonald's responded on Facebook saying it doesn't store any financial data, citing their website and app are secure and safe to use through updates in their security measures, while also urging users to update the McDelivery app. The update didn't fully implement the patch correctly, resulting in millions of customers still at risks of the attack, however the company eventually implemented a full on patch, though the exact date is unknown.


	~~==Lawsuit==~~
	~~{{Ph-I-L}}~~


	~~==Consumer response==~~
	~~{{Ph-I-ConR}}~~

			There is no official statement or response indicating that the original perpetrators were caught.

	==References==		==References==
	{{reflist}}		{{reflist}}

	~~{{Ph-I-C}}~~

SquidthePlummer: :)

2026-02-14T02:40:50Z

New page

{{IncidentCargo
|Company=McDonald's, McDonald's
|StartDate=2017-02-17
|EndDate=2017-03-20
|Status=Resolved
|Product=McDelivery
|ArticleType=Service
|Type=Privacy, Security
|Description=:)
}}
{{Ph-I-Int}}
==Background==
{{Ph-I-B}}

==[Incident]==
{{Ph-I-I}}

===[Company]'s response===
{{Ph-I-ComR}}

==Lawsuit==
{{Ph-I-L}}

==Consumer response==
{{Ph-I-ConR}}

==References==
{{reflist}}

{{Ph-I-C}}