McDonald's 2017 India Leak: Difference between revisions

(3 intermediate revisions by 3 users not shown)

Line 7:

|ArticleType=Service

|Type=Privacy, Security

|Description=:)

|Description=

}}A cyber security firm named Fallible, announced to the media of a McDelivery leak that leaked over 2.2 million customers private information after numerous attempts to urge [[McDonald's]] to patch the issue over the span of 4 weeks. <ref name=":0">{{Cite web |last=Goud |first=Naveen |date=2017-03-20 |title=Cyber Attack on McDonald’s app leaks info of 2.2 million users |url=https://www.cybersecurity-insiders.com/cyber-attack-on-mcdonalds-app-leaks-info-of-2-2-million-users/ |url-status=live |access-date=2026-02-13 |website=Cybersecurity Insiders |archive-url=http://web.archive.org/web/20250616142010/https://www.cybersecurity-insiders.com/cyber-attack-on-mcdonalds-app-leaks-info-of-2-2-million-users/ |archive-date=16 Jun 2025}}</ref> The company issue an statement and a patch, however it was not implemented correctly and would be fixed at a later date.

==The Hack==

On February 7, 2017, Fallible first notified McDonald's of a security vulnerability with McDelivery service, receiving acknowledgement from the McDelivery IT Manager on February 13, however no further response were made from McDonald's, resulting in Fallible announcing the leak to the public on March 18. <ref>{{Cite web |date=2017-03-17 |title=McDonalds India is leaking 2.2 million users data |url=https://hackernoon.com/mcdonalds-india-is-leaking-2-2-million-users-data-d5758b2eb3f8 |url-status=live |access-date=2026-02-05 |website=Hackernoon |archive-url=http://web.archive.org/web/20250821162041/https://hackernoon.com/mcdonalds-india-is-leaking-2-2-million-users-data-d5758b2eb3f8 |archive-date=21 Aug 2025}}</ref> It was reported that 2.2 million customers were affected, <ref name=":0" /> <ref name=":1">{{Cite web |last=Arghire |first=Ionut |date=2017-03-20 |title=McDonald’s App Leaks Details of 2.2 Million Customers |url=https://www.securityweek.com/mcdonalds-app-leaks-details-22-million-customers/ |url-status=live |access-date=2026-02-13 |website=Security Week |archive-url=http://web.archive.org/web/20251206202836/https://www.securityweek.com/mcdonalds-app-leaks-details-22-million-customers/ |archive-date=6 Dec 2025}}</ref> leaking customers info that included phone numbers, addresses, names, email IDs and home address.<ref name=":1" />

[[File:2017 ~~McDonalds~~ India ~~Leak Screenshot~~.png|alt=2017 McDonald's India Personal leaked Info Showcase|thumb|Personal leaked Info Showcase]]

[[File:2017 McDonald's India leak screenshot.png|alt=2017 McDonald's India Personal leaked Info Showcase|thumb|Personal leaked Info Showcase]]

[[File:McDonald's India Official Statement on Facebook.png|alt=McDonald's India Official Statement on Facebook|thumb|Official Statement on Facebook]]

After public disclosure, Fallible shared their frustration with the company, responding with; <blockquote>''"We have always respected a company’s request if they wanted more time to fix any issue but sadly they stopped responding after 4 weeks which led to us warning users that their data is out in the open. In fact, the ‘fix’ applied right now is incomplete and the vulnerability exists even now and we have intimated the same to the concerned company.”'' <ref name=":1" /></blockquote>

Line 23:

==References==

[[Category:2017 incidents]]

[[Category:McDonald's]]

@@ Line 7: / Line 7: @@
 |ArticleType=Service
 |Type=Privacy, Security
-|Description=:)
+|Description=
 }}A cyber security firm named Fallible, announced to the media of a McDelivery leak that leaked over 2.2 million customers private information after numerous attempts to urge [[McDonald's]] to patch the issue over the span of 4 weeks. <ref name=":0">{{Cite web |last=Goud |first=Naveen |date=2017-03-20 |title=Cyber Attack on McDonald’s app leaks info of 2.2 million users |url=https://www.cybersecurity-insiders.com/cyber-attack-on-mcdonalds-app-leaks-info-of-2-2-million-users/ |url-status=live |access-date=2026-02-13 |website=Cybersecurity Insiders |archive-url=http://web.archive.org/web/20250616142010/https://www.cybersecurity-insiders.com/cyber-attack-on-mcdonalds-app-leaks-info-of-2-2-million-users/ |archive-date=16 Jun 2025}}</ref> The company issue an statement and a patch, however it was not implemented correctly and would be fixed at a later date.
 ==The Hack==
 On February 7, 2017,  Fallible first notified McDonald's of a security vulnerability with McDelivery service, receiving acknowledgement from the McDelivery IT Manager on February 13, however no further response were made from McDonald's, resulting in Fallible announcing the leak to the public on March 18. <ref>{{Cite web |date=2017-03-17 |title=McDonalds India is leaking 2.2 million users data |url=https://hackernoon.com/mcdonalds-india-is-leaking-2-2-million-users-data-d5758b2eb3f8 |url-status=live |access-date=2026-02-05 |website=Hackernoon |archive-url=http://web.archive.org/web/20250821162041/https://hackernoon.com/mcdonalds-india-is-leaking-2-2-million-users-data-d5758b2eb3f8 |archive-date=21 Aug 2025}}</ref> It was reported that 2.2 million customers were affected, <ref name=":0" /> <ref name=":1">{{Cite web |last=Arghire |first=Ionut |date=2017-03-20 |title=McDonald’s App Leaks Details of 2.2 Million Customers |url=https://www.securityweek.com/mcdonalds-app-leaks-details-22-million-customers/ |url-status=live |access-date=2026-02-13 |website=Security Week |archive-url=http://web.archive.org/web/20251206202836/https://www.securityweek.com/mcdonalds-app-leaks-details-22-million-customers/ |archive-date=6 Dec 2025}}</ref> leaking customers info that included phone numbers, addresses, names, email IDs and home address.<ref name=":1" />
-[[File:2017 McDonalds India Leak Screenshot.png|alt=2017 McDonald's India Personal leaked Info Showcase|thumb|Personal leaked Info Showcase]]
+[[File:2017 McDonald's India leak screenshot.png|alt=2017 McDonald's India Personal leaked Info Showcase|thumb|Personal leaked Info Showcase]]
 [[File:McDonald's India Official Statement on Facebook.png|alt=McDonald's India Official Statement on Facebook|thumb|Official Statement on Facebook]]
 After public disclosure, Fallible shared their frustration with the company, responding with; <blockquote>''"We have always respected a company’s request if they wanted more time to fix any issue but sadly they stopped responding after 4 weeks which led to us warning users that their data is out in the open. In fact, the ‘fix’ applied right now is incomplete and the vulnerability exists even now and we have intimated the same to the concerned company.”'' <ref name=":1" /></blockquote>
@@ Line 23: / Line 23: @@
 ==References==
 {{reflist}}
+[[Category:2017 incidents]]
+[[Category:McDonald's]]