McDonald's claim there is no evidence of exploitation.
McDonald’s delivery system in India featured an API vulnerability which saw the exposure of customer and driver information.
According to TechRadar, the Hardcastle Restaurants-owned delivery system affected McDonald's India (West & South), with customer and driver details both leaked.
Despite the flaw being disclosed by Traceable AI security researcher Eaton Zveare, McDonald's India (West & South) said there has been no evidence of the exploitation of the now-addressed vulnerability to compromise customer data.
"We conduct regular audits and assessments to continuously strengthen our security measures, and have all the necessary enhancements implemented, ensuring all our systems are up to date and secure," said McDonald's India (West & South) spokesperson Sulakshna Mukherjee.
Written by
Dan Raywood
Senior Editor
SC Media UK
Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.
Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.