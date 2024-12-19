McDonald's India user data exposed: A major bug in McDonald India's delivery system exposed data of thousands of customers and delivery partners in the country. The exposed data includes details such as names, phone numbers and email addresses to name a few.

According to a report by TechCrunch, a security researcher called Eaton Zveare found a major bug in the APIs of McDonald's India (West and South) delivery system, which could let anyone access, redirect and track orders in real-time. In addition to this, the bug could also let a hacker place legitimate orders for $0.01 or Rs 0.85 simply by tweaking the company's API that is used by the McDonald's India website, the company's mobile apps and other online delivery platforms in the country. In addition to this, the bug in the API also let anyone get access to invoices and submit feedback for customer orders.

More importantly, the bug in McDonald India's API exposed the full names, email address, and phone numbers of the customers, and vehicle numbers, profile pictures and real-time tracking information of the restaurant chain's delivery partners delivering orders in real-time.

While the exact number of customers and delivery partners affected by this bug remains unclear, the report says that the vulnerability exposed information pertaining to hundreds of millions of orders.

The good news is that the bug that was discovered in July was fixed by the company in late September.

McDonald's India, in a statement to the publication, confirmed the issue while assuring that an internal analysis showed that the bug had not led to a breach of its customer data.