McDonald’s denies claims that their Indian app has leaked personal information for 2.2 million users.
Cybersecurity firm Fallible has stated that they believe McDonald’s Indian app, McDelivery, may have leaked personal info on as much as 2.2 million users. The leaked information is said to include names, phone numbers, email addresses, home addresses, accurate home-coordinates and social profile links. Cybersecurity experts have stated that the information could be used to later gain access to credit cards or e-wallets.
The app in question was created by Westlife Development, which runs McDonald’s operations in south and west India. McDonald’s themselves deny the claim made by Fallible, and have said that no sensitive information, such as debit card info, could have been accessed: “We would like to inform our users that our website and app does not store any sensitive financial data of users like credit card details, wallets passwords or bank account information. The website and app has always been safe to use, and we update security measure on regular basis. As a precautionary measure, we would also urge our users to update the McDelivery app on their devices. At McDonald’s India, we are committed to our users’ data privacy and protection.”
Amit Singh, co-founder of cloud migration company Yitsol, questioned McDonald’s reassuring claims, “Security is the last priority of many firms in India. I know of incidents in Hyderabad, where hackers stole user information from startups and demanded ransom in Bitcoins.” This is of course, a dangerous attitude, especially in a country that is becoming more and more digital in recent times.
Fallible said that they contacted McDonald’s about the security flaw on February 7, and a senior member of their IT staff acknowledged their findings, calling into question their claim of the app having ‘always been safe’. A fix has apparently been put in place, but this Saturday, Fallible added in a blog post that “The McDonald’s fix is incomplete and the endpoint is still leaking data:”
source: Times of India