McDonald's 2017 India Leak: Difference between revisions

Line 12:

==The Hack==

On February 7, 2017, Fallible first notified McDonald's of a security vulnerability with McDelivery service, receiving acknowledgement from the McDelivery IT Manager on February 13, however no further response were made from McDonald's, resulting in Fallible announcing the leak to the public on March 18. <ref>{{Cite web |date=2017-03-17 |title=McDonalds India is leaking 2.2 million users data |url=https://hackernoon.com/mcdonalds-india-is-leaking-2-2-million-users-data-d5758b2eb3f8 |url-status=live |access-date=2026-02-05 |website=Hackernoon |archive-url=http://web.archive.org/web/20250821162041/https://hackernoon.com/mcdonalds-india-is-leaking-2-2-million-users-data-d5758b2eb3f8 |archive-date=21 Aug 2025}}</ref> It was reported that 2.2 million customers were affected, <ref name=":0" /> <ref name=":1">{{Cite web |last=Arghire |first=Ionut |date=2017-03-20 |title=McDonald’s App Leaks Details of 2.2 Million Customers |url=https://www.securityweek.com/mcdonalds-app-leaks-details-22-million-customers/ |url-status=live |access-date=2026-02-13 |website=Security Week |archive-url=http://web.archive.org/web/20251206202836/https://www.securityweek.com/mcdonalds-app-leaks-details-22-million-customers/ |archive-date=6 Dec 2025}}</ref> leaking customers info that included phone numbers, addresses, names, email IDs and home address.<ref name=":1" />

[[File:2017 ~~McDonalds~~ India ~~Leak Screenshot~~.png|alt=2017 McDonald's India Personal leaked Info Showcase|thumb|Personal leaked Info Showcase]]

[[File:2017 McDonald's India leak screenshot.png|alt=2017 McDonald's India Personal leaked Info Showcase|thumb|Personal leaked Info Showcase]]

[[File:McDonald's India Official Statement on Facebook.png|alt=McDonald's India Official Statement on Facebook|thumb|Official Statement on Facebook]]

After public disclosure, Fallible shared their frustration with the company, responding with; <blockquote>''"We have always respected a company’s request if they wanted more time to fix any issue but sadly they stopped responding after 4 weeks which led to us warning users that their data is out in the open. In fact, the ‘fix’ applied right now is incomplete and the vulnerability exists even now and we have intimated the same to the concerned company.”'' <ref name=":1" /></blockquote>

@@ Line 12: / Line 12: @@
 ==The Hack==
 On February 7, 2017,  Fallible first notified McDonald's of a security vulnerability with McDelivery service, receiving acknowledgement from the McDelivery IT Manager on February 13, however no further response were made from McDonald's, resulting in Fallible announcing the leak to the public on March 18. <ref>{{Cite web |date=2017-03-17 |title=McDonalds India is leaking 2.2 million users data |url=https://hackernoon.com/mcdonalds-india-is-leaking-2-2-million-users-data-d5758b2eb3f8 |url-status=live |access-date=2026-02-05 |website=Hackernoon |archive-url=http://web.archive.org/web/20250821162041/https://hackernoon.com/mcdonalds-india-is-leaking-2-2-million-users-data-d5758b2eb3f8 |archive-date=21 Aug 2025}}</ref> It was reported that 2.2 million customers were affected, <ref name=":0" /> <ref name=":1">{{Cite web |last=Arghire |first=Ionut |date=2017-03-20 |title=McDonald’s App Leaks Details of 2.2 Million Customers |url=https://www.securityweek.com/mcdonalds-app-leaks-details-22-million-customers/ |url-status=live |access-date=2026-02-13 |website=Security Week |archive-url=http://web.archive.org/web/20251206202836/https://www.securityweek.com/mcdonalds-app-leaks-details-22-million-customers/ |archive-date=6 Dec 2025}}</ref> leaking customers info that included phone numbers, addresses, names, email IDs and home address.<ref name=":1" />
-[[File:2017 McDonalds India Leak Screenshot.png|alt=2017 McDonald's India Personal leaked Info Showcase|thumb|Personal leaked Info Showcase]]
+[[File:2017 McDonald's India leak screenshot.png|alt=2017 McDonald's India Personal leaked Info Showcase|thumb|Personal leaked Info Showcase]]
 [[File:McDonald's India Official Statement on Facebook.png|alt=McDonald's India Official Statement on Facebook|thumb|Official Statement on Facebook]]
 After public disclosure, Fallible shared their frustration with the company, responding with; <blockquote>''"We have always respected a company’s request if they wanted more time to fix any issue but sadly they stopped responding after 4 weeks which led to us warning users that their data is out in the open. In fact, the ‘fix’ applied right now is incomplete and the vulnerability exists even now and we have intimated the same to the concerned company.”'' <ref name=":1" /></blockquote>