Header image

API Flaw Saw McDonald's Driver and Customer Information Vulnerable

McDonald's claim there is no evidence of exploitation.


McDonald’s delivery system in India featured an API vulnerability which saw the exposure of customer and driver information.

According to TechRadar, the Hardcastle Restaurants-owned delivery system affected McDonald's India (West & South), with customer and driver details both leaked.

Despite the flaw being disclosed by Traceable AI security researcher Eaton Zveare, McDonald's India (West & South) said there has been no evidence of the exploitation of the now-addressed vulnerability to compromise customer data.

"We conduct regular audits and assessments to continuously strengthen our security measures, and have all the necessary enhancements implemented, ensuring all our systems are up to date and secure," said McDonald's India (West & South) spokesperson Sulakshna Mukherjee.


Dan Raywood
Dan Raywood Senior Editor SC Media UK

Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.

Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.

Dan Raywood
Dan Raywood Senior Editor SC Media UK

Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.

Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.

Upcoming Events

No events found.