20 March 2017, India:
Popular fast food restaurant chain McDonalds or McD as we say is under the radar for data leaks in India. As per the post by hackernoon, the McDonald’s India app, McDelivery is leaking personal data for more than 2.2 million of its users which includes name, email address, phone number, home address, accurate home co-ordinates and social profile links.
However, McDonalds India did not admit or deny any such claims and said, “We would like to inform our users that our website and app does not store any sensitive financial data of the users like credit card details, wallets passwords or bank account information. The website and app has always been safe to use, and we update security measure on regular basis. As a precautionary measure, we would also urge our users to update the McDelivery app on their devices.”
Statement from McDonalds India. pic.twitter.com/1tK5D1FACp
— McDonald’s India (@mcdonaldsindia) March 18, 2017
Hackernoon stated, “We contacted McDelivery on 7th Feb and received an acknowledgment from a Senior IT Manager on 13th Feb (33 days ago). The issue has not been fixed yet and our continued effort to get an update for the fix after the initial acknowledgment has failed.
An unprotected publicly accessible API endpoint for getting user details coupled with serially enumerable integers as customer IDs can be used to obtain access to all users personal information.”
It further mentioned that The lack of strong data protection and privacy laws or penalties in India, unlike the European Union, the United States or Singapore has led to companies ignoring user data protection. (Image- McDonalds)