Privacy on the internet is a myth. Cyber security is just an illusion and data leaks are getting increasingly common these days. One of the latest victims of a major security flaw has been the McDelivery app, which has been leaking user data. Reports have indicated that this leak has lead to over 2.2 Million people being affected. The leaks have been reported by Fallible on a blog post. Let us take a detailed look at this flaw –
McDonalds India operates in two distinct regions in India – it is divided in North and East, and South and West. The South and West division runs the McDelivery app and website, which has been affected in these leaks. The North and East based users are secure. The flaw in the McDelivery app has resulted in over 2.2 Million users being affected – name, email address, phone number, home address, accurate home co-ordinates, and social profile links of the users have been leaked.
Reports from Fallible claim that “an unprotected publicly accessible API endpoint for getting user details coupled with serially enumerable integers as customer IDs can be used to obtain access to all users personal information.” Many independent researchers have since backed this claim stating that the McDelivery app is indeed vulnerable.
McDoanlds India was contacted over this and the company has issued a statement stating that no financial data is ever stored on their website or their app. While they have not openly said that there is a security flaw, the company has urged the users to update their app to the latest version. However the new update to the McDelivery India app still does not fix the problem, as per Fallible reports.
Privacy and cyber security is one of the most debated topics of the recent times and reports like this add fuel to fire!