McDonald India’s App Data Leaked

McDelivery, McDonald’s India app, suffered failure on Saturday and delivered its customers’ personal information, reported Cybersecurity firm, Fallible. Information such as names, phone numbers, emails, home addresses and social profile links were leaked of “more than 2.2 million” of its users.

Fallible wrote in a blogpost, An unprotected publicly accessible API endpoint for getting user details coupled with serially enumerable integers as customer IDs can be used to obtain access to all users personal information.

McDonald has urged its customers to update the McDelivery app on their smartphones and other devices. It has also, however, denied that any data has been breached and assured people that the company’s app is safe.

The fast food chain in India operates as two separate wings – McDonald’s India (West & South) and McDonald’s India (North & East). The app and website are managed and run by the West and South wing, so it seems that customers in the north and east have not been affected by the information leak.

McDonald responded with, Our website and app do not store any sensitive financial data of users like credit card details, wallet passwords or bank account information. As a precautionary measure, we would… urge our users to update the McDelivery app on their devices.