I Hacked McDonald's (Security Contact Was Harder to Find Than Secret Recipe)


How I found critical security vulnerabilities in McDonald's systems affecting millions of employees, and had to cold-call their HQ pretending to know security staff just to report them.

The McDonald's Feel-Good Design Hub is their central platform for brand assets and marketing materials - used by teams and agencies across 120 countries.

McDonald's has different portals for different employee levels that you have to OAuth into with GAS, but basic crew member accounts could access executive systems.

Keep your security.txt file up and current. Have an actual security contact that doesn't require calling your HQ. Consider a bug bounty program so researchers have a clear path for reporting.

Related news:

McDonald's not lovin' it when hacker exposes nuggets of rotten security

Chaotic Pokémon and McDonald's collaboration in Japan ends early due to shocking food waste