McDonald’s Free Nuggets Hack Leads to Exposure of Confidential Data


A series of alarming vulnerabilities in McDonald's digital infrastructure, from free food exploits to exposed executive data.

What started as a simple app glitch developed into a months-long trial, culminating in the researcher, BobDaHacker, cold-calling the company’s headquarters while mentioning security employees he found on LinkedIn. JavaScript files in the Design Hub revealed more: exposed Magicbell API keys and secrets allowed listing users and sending phishing notifications via McDonald’s infrastructure. Further issues included misconfigured Stravito access, exposing internal documents to low-level staff, and exploits in CosMc’s experimental restaurant app, such as unlimited coupon redemptions and arbitrary order data injection.
