Bangalore-based security firm Fallible claims that personal data of over 2.2 million users have been leaked via the McDonalds App used for delivery in India called McDelivery. The security firm said that it has reached out to Westlife development, which runs McDonalds McDelivery as well as other operations in the sub-continent and has been acknowledged by their IT department on February 13 after submitting it on February 7. Fallible insists however that McDonald’s fix is still incomplete as of March and that users who run the app are still vulnerable just as their leaked data included names, phone numbers, email addresses, home addresses, accurate home-coordinates and social profile links which can easily be used to access banking data by criminals.
McDonalds denied the claim and affirms that their app is secure, requiring only that the user update their app to the latest version, stating “We would like to inform our users that our website and app does not store any sensitive financial data of users like credit card details, wallets passwords or bank account information. The website and app has always been safe to use, and we update security measure on regular basis. As a precautionary measure, we would also urge our users to update the McDelivery app on their devices. At McDonald’s India, we are committed to our users’ data privacy and protection.”
McDonalds’ McDelivery food delivery service is active in 15 different countries worldwide with access to several hundred million customer information daily with the number increasing as the number of people going online increases especially in places like India.
