McDonald’s Delivery app in India leaked private details about 2.2 million customers, a Security agency has discovered.
A poorly configured server gave someone access to the names, emails, home addresses and speak to numbers of users, said Fallible.
Sending a easy request to the server produced loads of information about users, it said.
McDonald’s India mentioned it had mounted the app and advised customers to put in the up to date model.
The McDelivery app is operated with the aid of Westlife Building which oversees McDonald’s eating places in south and west India.
In a observation sent to the Occasions of India, McDonald’s India said the app did not store any “delicate monetary information” reminiscent of credit card numbers, passwords or bank account small print.
“The web site and app have all the time been safe to make use of and we replace security measures frequently,” it told the newspaper.
Fallible said it had checked after the app was up to date and located that it was nonetheless leaking information, but gave no important points about the extent of this leak.
It added that it had advised McDonald’s concerning the extra up to date downside it revealed and was once looking forward to a 2nd response.
One app user is believed to have already began legal action over the leaky server, stories The Hindu.
Safety firm Fallible stated that the lack of sturdy knowledge protection laws in India and the absence of any significant penalty for leaking data intended many firms did little to give protection to person knowledge.
It claimed to have uncovered “greater than 50” instances of knowledge leaks at Indian companies.
“We Are pleasantly surprised once we in finding Indian firms without a non-public or cost data leak vulnerability,” it said.