Critical Vulnerabilities Discovered at McDonald's: Customer Data at Risk.

According to inkorr.com: According to a report from Tom's Hardware, researcher BobDaHacker uncovered serious issues in McDonald's digital infrastructure. These problems allowed attackers to gain access to confidential customer data and the company's internal systems. Moreover, it turned out that the company started responding to the researcher's inquiries quite slowly.

One of the vulnerabilities was the account system in the Feel-Good Design Hub service for McDonald's employees. It turned out that by simply changing the URL from 'login' to 'register', unauthorized access could be obtained. This not only highlights a security issue within the company but also raises questions about the seriousness of their approach to this matter.

• There were errors with mandatory fields in the Design Hub registration system, complicating the account creation process.
• Passwords for new users were sent in plaintext.
• API keys and secrets of McDonald's were found in the JavaScript code that attackers could use for their purposes.

It is Difficult to Report Security Issues

The researcher had to put in considerable effort to communicate the discovered vulnerabilities. Even after 'most vulnerabilities' were fixed, it was challenging to find a channel for reporting other potential security issues. Even the employee who helped resolve the problems was dismissed.

Thus, serious vulnerabilities have been found in McDonald's digital infrastructure, allowing access to confidential data and internal systems of the company. Despite some fixes, the slow response and lack of a reporting channel for security issues raise doubts about the company's approach to protecting information.