McDelivery app reportedly leaked data of 2.2mn users, company denies the reports

By : |March 20, 2017 0

One delicious burger might hand your personal information to cyber criminals. Yes, when giant tech companies like Yahoo, can fall prey to cyber attacks, we can quickly estimate the security conditions of a typical home-delivery app.

The firm in question is McDonald’s India app McDelivery which has reportedly leaked personal information of its customers, according to a cyber security startup Fallible.

The startup claims that McDonald’s India’s mobile app is leaking data of 2.2 million users, which includes “name, email address, phone number, home address, accurate home co-ordinates, and social profile links.”

In a blog post, the startup wrote, “an unprotected publicly accessible API endpoint for getting user details coupled with serially enumerable integers as customer IDs can be used to obtain access to all users personal information.”

However, denying the claims, the company has sent an official statement dismissing such reports.

“We would like to inform our users that our website and app does not store any sensitive financial data of the users like credit card details, wallets passwords or bank account information.”

Though McDonald’s did not talk specifically about the leak, the company wrote, “we are committed to our users’ data privacy and protection.”

Fallible said that it reported the company about the endpoints error on February 4. The leak remained unplugged hours after Fallible’s blog post was published, so if the data hadn’t been accessed earlier, it could’ve certainly been downloaded since

McDonald’s further wrote, “The website and app have always been safe to use, and we update security measure on a regular basis. As a precautionary measure, we would also urge our users to update the McDelivery app on their devices.”

Considering the lack of clarity on the matter, it is better to follow the precautionary measures.