Business Standard

Data theft scare: McDonald's asks its delivery users in India to update app

Follows post alleging flaw in McDelivery app may have exposed personal data of 2.2 mn customers

Alnoor Peermohamed  |  Bengaluru 


McDonald’s has asked users of its service in India to update the app as a precaution, after a blog post alleged that personal data of 2.2 million customers could have been leaked due to a vulnerability.

“We would like to inform our users that our website and app does not store any sensitive financial data of the users like credit card details, wallets passwords or bank account information,” said a McDonald’s India spokesperson.

A data security firm, in a post on popular blogging platform Medium, alleged that it had found the vulnerability in the McDonald’s app and that, despite an acknowledgement from the company, the issue was not fixed for over a month. The post said information such as names, phone numbers, email ids, addresses, home coordinates and links to social handles of users of the app was vulnerable to leak. The firm traced the vulnerability to the presence of an “unprotected publicly accessible API endpoint” that could be used to access the user information.

“The lack of strong data protection and privacy laws or penalties in India, unlike the European Union, United States or Singapore has led to ignoring user data protection,” read the firm’s post.

The firm claims it contacted McDonald’s on February 7 regarding the vulnerability, and while it got an acknowledgement from a senior IT manager on February 13, the issue was still not fixed. The company followed the responsible disclosure policy, but upon seeing that the issue was not fixed, decided to finally make it public.

The company updated the post to say that McDonald’s had contacted it to say the issue was fixed.

While it isn’t known if the bug in the McDonald’s app has led to data being stolen, the US-based fast-food chain has become the latest company to be hauled up for having less than secure systems online. Ride-hailing app Ola, music streaming service Gaana and restaurant discovery service Zomato have all made headlines for having vulnerabilities involving user data.
