• They weren't lovin' it - hacker cracks McDonald's security in que

    From TechnologyDaily@1337:1/100 to All on Tuesday, August 26, 2025 21:30:08
    They weren't lovin' it - hacker cracks McDonald's security in quest for free nuggets, and it was apparently not too tricky

    Date:
    Tue, 26 Aug 2025 20:26:00 +0000

    Description:
    A free nuggets hack apparently exposed major McDonald's security flaws.

    FULL STORY ======================================================================
    Researcher finds a free nuggets exploit exposed much deeper flaws within McDonald's systems
    McDonald's apparently has no obvious path for researchers to report vulnerabilities
    A URL change from login to register granted account access

    What began as an attempt to claim free food through the McDonald's app rewards system turned into something far more revealing for one expert.

    A security researcher known as BobDaHacker discovered serious weaknesses in McDonald's online systems while trying to redeem a reward for free McNuggets through the company's mobile app.

    The flaw ran deep, granting access to the Feel-Good Design Hub, a central platform for marketing assets and brand materials used by employees and agencies in more than 120 countries.

    Reporting security issues the hard way

    Attempts to disclose these flaws highlighted another concern: McDonald's had no clear path for researchers to report vulnerabilities - according to Bob, the company once had a security.txt file listing contacts, but it disappeared just months after being posted.

    With no direct disclosure channel, Bob had to dig through LinkedIn for staff names and repeatedly call headquarters until someone finally responded.

    This drawn-out process suggests other researchers may give up long before their findings reach the right people.

    Even after McDonald's replaced its password system with an account-based login, another oversight remained.

    By altering "login" to "register" in the URL, Bob was able to create new accounts with full access.

    Worse still, when registering, the system emailed plain-text passwords - a practice discredited for decades because of the risks it creates for identity theft and misuse.

    While companies at McDonald's scale face unique challenges in rolling out secure systems, such basic failures raise difficult questions about priorities.

    This is not the first time McDonald's has faced scrutiny for weak safeguards, as just a month earlier, a different issue came to light when a platform storing private data was protected by the password 123456.

    When flaws are repeatedly so easy to exploit, it raises doubts about whether firewalls, security suites, or even routine internal reviews are consistently applied.

    For a corporation with global reach, lapses of this kind have consequences beyond marketing assets, as employee and customer information could be at stake.

    McDonald's reportedly fixed most of the vulnerabilities flagged by Bob, but the company has not reestablished a reliable reporting channel for future disclosures.

    Without one, the risk remains that serious flaws will be overlooked or ignored until exploited.

    Via Tom's Hardware



    ======================================================================
    Link to news story: https://www.techradar.com/pro/they-werent-lovin-it-hacker-cracks-mcdonalds-security-in-quest-for-free-nuggets-and-it-was-apparently-not-too-tricky


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)