5 Takeaways from McDonald’s purported data leakage
Fast
food aficionados all over India tend to splurge on McDonalds menu either
through in-store mode or home-delivery mode.
The
preferred mode for home-delivery is the McDelivery APP.
McDonalds
operates in India through two separate entities i.e one for North & East India and another for West & South India.
The
welcome screen on http://www.mcdonaldsindia.com/
requests the user to choose his/
her area. Clicking on either link
will take the user to independent web-screens.
The
North & East footprint is with ‘Connaught Plaza Restaurants Private Limited’,
led by Mr. Vikram Bakshi, JV Partner and Managing Director, North & East
India
The South
& West India footprint is with ‘Hardcastle Restaurants Private Limited,’
led by Ms. Smita Jatia, Managing Director, South & West India
Hence,
there are separate McDelivery Apps for North & East India and West & South India.
According
to a blog post published by Cybersecurity firm Fallible , "an unprotected
publicly accessible API endpoint for getting user details coupled with serially
enumerable integers as customer IDs can be used to obtain access to all users
personal information."
The
data leakage was through McDonald's India app McDelivery for West & South
India. The data leaked personal information of its customers for an unspecified
duration of time. This included "name, email address, phone number, home
address, accurate home co-ordinates, and social profile links" for
"more than 2.2 million" of its users.
As
customers in North and East of India use another app and website, their data doesn't seem to be impacted by
this leak.
As
of now, McDonald has not issued any Press Statement on its website i.e @ http://www.mcdonaldsindia.com/media_center.html
However,
an official spokesperson for McDonald's India (West & South), the company
that owns and operates the McDelivery app, sent the following statement to
Gadgets 360:
“We
would like to inform our users that our website and app does not store any
sensitive financial data of the users like credit card details, wallets
passwords or bank account information. The website and app has always been safe
to use, and we update security measure on regular basis. As a precautionary
measure, we would also urge our users to update the McDelivery app on their
devices”.
Takeaway
02) Opt to sign-out if your interaction with the APP is less than 3 times a
month. Instead create a fresh User ID, if you intend to interact with the APP,
less than 3 times a month.
Takeaway 03) Use
the ‘Contact Us’, option to let the APP Administrator to disable your account, if
you do not use for 3 months. If you have not used the APP for 3 months, it
means your need to have an account with the APP is minimal.
Takeaway
04) Consider opting for deliveries through Aggregator APPs rather than
Individual restaurant APPs. Of course, it is assumed that Aggregator APPs are
more secure as compared to Individual restaurant APPs
Takeaway 05)
Take calculated risks; Nothing is safe in this world
Recently McDonalds has embarked on
a major branding exercise with its ‘Experience of the Future’ restaurant’s (EOTF)
being launched in India. The first EOTF will be in Mumbai.
McDonalds
is looking for - AGM Information Technology (Consumer Facing Technology).
One
of the major KRAs is – “Drive online delivery and restaurant process
improvement, integration with ecosystem partners (food aggregators, delivery,
payment providers)”
By
the way I always enjoy McDonald’s menu at the store only, so have not
downloaded the McDelivery App!!
Comments
Post a Comment