McDonald's claim there is no evidence of exploitation.
McDonald’s delivery system in India featured an API vulnerability which saw the exposure of customer and driver information.
According to TechRadar, the Hardcastle Restaurants-owned delivery system affected McDonald's India (West & South), with customer and driver details both leaked.
Despite the flaw being disclosed by Traceable AI security researcher Eaton Zveare, McDonald's India (West & South) said there has been no evidence of the exploitation of the now-addressed vulnerability to compromise customer data.
"We conduct regular audits and assessments to continuously strengthen our security measures, and have all the necessary enhancements implemented, ensuring all our systems are up to date and secure," said McDonald's India (West & South) spokesperson Sulakshna Mukherjee.
Written by
Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.
