Data theft scare: McDonald's asks its delivery users in India to update app

Follows post alleging flaw in McDelivery app may have exposed personal data of 2.2 mn customers

Alnoor Peermohamed Bengaluru
Last Updated : Mar 20 2017 | 1:12 AM IST
McDonald’s has asked users of its McDelivery service in India to update the app on their smartphones as a precaution, after a blog post alleged that the personal data of 2.2 million customers could have been leaked due to a vulnerability.

“We would like to inform our users that our website and app does not store any sensitive financial data of the users like credit card details, wallets passwords or bank account information,” said a McDonald’s India spokesperson.

Data security firm Fallible, in a post on the popular blogging platform Medium, alleged that it had found the vulnerability in the McDonald’s app and that, despite an acknowledgement from the company, the issue was not fixed for over a month. The post said information such as names, phone numbers, email IDs, addresses, home coordinates and links to social handles of users of the McDelivery app was exposed to leakage. Fallible traced the vulnerability to the presence of an “unprotected publicly accessible API endpoint” that could be used to access the user information.

“The lack of strong data protection and privacy laws or penalties in India, unlike the European Union, United States or Singapore has led to companies ignoring user data protection,” read the post by Fallible.

Fallible claims it contacted McDonald’s on February 7 regarding the vulnerability, and while it got an acknowledgement from a senior IT manager on February 13, the issue was still not fixed. Fallible followed the responsible disclosure policy but, upon seeing that the issue was not fixed, decided to finally make the news public.

Fallible updated the post to say that McDonald’s had contacted it and said the issue was fixed.

While it isn’t known if the bug in the McDonald’s app has led to data being stolen, the US-based fast-food chain has become the latest company to be hauled up for having less than secure systems online. Ride-hailing app Ola, music streaming service Gaana and restaurant discovery service Zomato have all made headlines for having vulnerabilities involving user data.
