McDonald's India App Leaked Customer Data, Millions Said to Be Impacted

Advertisement
By Kunal Dua | Updated: 19 March 2017 12:26 IST
Highlights
  • The McDelivery app leaked personal information of McDonald's customers
  • Users in South & West regions impacted
  • McDonald's did not deny the leak; said no financial information stored

McDonald's India app McDelivery leaked personal information of its customers for an unspecified duration of time, Cybersecurity firm Fallible reported on Saturday. This included "name, email address, phone number, home address, accurate home co-ordinates, and social profile links" for "more than 2.2 million" of its users.

According to a blog post published by the firm, "an unprotected publicly accessible API endpoint for getting user details coupled with serially enumerable integers as customer IDs can be used to obtain access to all users personal information." Gadgets 360 was able to independently verify this claim using information provided by the firm to access data of some customers.

Advertisement

It's worth pointing out that McDonald's operations in India are split into two entities - McDonald's India (West & South) and McDonald's India (North & East), and the McDelivery app and website are owned and operated by the former entity. Customers in North and East of India use another app and website, so their data doesn't seem to be impacted by this leak.

Advertisement

Fallible says it first reported the issue to McDonald's India on February 4, though it's possible the leak has been around for much longer. It's unclear at this point if anyone else knew about the leak and if they were able to exploit it to download data of all McDonald's India (West & South) customers. The leak remained unplugged hours after Fallible's blog post was published, so if the data hadn't been accessed earlier, it could've certainly been downloaded since.

At the time of publishing this post, McDonald's seems to have plugged the hole that we used to access user data, but Fallible says "The McDonald's fix is incomplete and the endpoint is still leaking data. We have communicated this again to them and are waiting for their response."

Advertisement

An official spokesperson for McDonald's India (West & South), the company that owns and operates the McDelivery app, sent the following statement to Gadgets 360:

We would like to inform our users that our website and app does not store any sensitive financial data of the users like credit card details, wallets passwords or bank account information. The website and app has always been safe to use, and we update security measure on regular basis. As a precautionary measure, we would also urge our users to update the McDelivery app on their devices.

Advertisement

As is clear from the statement, the company does not deny that personal information was being leaked; instead it's just highlighting the fact that the company stores no financial information of the users - as if that's supposed to make customers feel better. Unfortunately, in the absence of strong data privacy and protection laws, customers in India have no real recourse but to get on with their lives.

 

Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.

Advertisement

Related Stories

Popular Mobile Brands
  1. Oppo Find X9 Ultra With 200-Megapixel Periscope Camera Launched Globally
  2. Motorola Edge 70 Pro+ Leaked Renders Hint at Design, Five Colour Options
  3. Poco M8s 5G Debuts Globally With 7,000mAh Battery: See Price, Features
  4. Vivo X300 FE Roundup: Expected Price in India, Specifications
  5. Jailer 2 OTT Release Date Reportedly Revealed Online: When and Where to Watch it Online?
  6. Motorola Edge 70 Fusion Review
  7. These Vivo Smartphones Will Cost More in India Due to the Latest Price Hike
  8. NASA Shuts Down Voyager 1 Instrument to Extend Mission Life in Deep Space
  1. NASA Shuts Down Voyager 1 Instrument to Extend Mission Life in Deep Space
  2. Oppo Enco Clip 2 With Open-Ear Design, Up to 40 Hours Total Battery Life Launched Alongside Oppo Watch X3 Mini
  3. Vivo Y6t Launched With 6,500mAh Battery, Snapdragon 4 Gen 2 SoC: Price, Specifications
  4. OCBC Partners Lion Global Investors and DigiFT to Launch Tokenised Gold Fund With GOLDX Token
  5. Oppo Pad 5 Pro Launched With 13,380mAh Battery, Snapdragon 8 Elite Gen 5 SoC Alongside Oppo Pad Mini: Price, Features
  6. Redmi K90 Max Launched With Dimensity 9500 SoC, 8,550mAh Battery and Active Cooling Fan: Price, Specifications
  7. Oppo Find X9 Ultra Launched With Snapdragon 8 Elite Gen 5 SoC, 200-Megapixel Periscope Camera: Price, Specifications
  8. Oppo Find X9s Pro Launched With 200-Megapixel Cameras, 7,025mAh Battery: Price, Specifications
  9. OnePlus Ace 6 Ultra Geekbench Listing Reveals MediaTek Dimensity 9500 Chip, 16GB RAM
  10. Motorola Edge 70 Pro+ Leaked Renders Hint at Design, Five Colour Options
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2026. All rights reserved.