37
I can't even summarize this. I'm only half through reading and there are plain text passwords sent via emails and unauthenticated admin panels. This is crazy for a company of this size.
This is all too common for a company of this size. Bigger doesn't mean better.
Really incredible. This is what I imagined hacking stopped being like in 1995. I applaud Bob for having the inner fortitude to not just exploit them for infinite nuggies. The fact someone got fired for it probably contributes to why the security is so bad, corporations truly don't deserve white hat hackers.
I applaud Bob for having the inner fortitude to not just exploit them for infinite nuggies
My literal first thought was "got dammit, why didn't I try that" (I had assumed McD would have rolled out an app with proper server-side validation and never bothered)
I do not have the inner fortitude to not exploit a giant corpo for free nuggies LMAO
I'm downloading the android SDK again. Can't say for sure what I'm going to do with it but I can say for sure you woln't be reading about client side validated food from me.
woln't be reading about client side validated food from me.
I'll make an attempt to call their security department to disclose a security issue to them, but if they can't hear me through my mouth full of nuggies, that's their problem ¯\_(ツ)_/¯
this post was submitted on 20 Aug 2025
37 points (97.4% liked)
cybersecurity
5026 readers
7 users here now
An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!
Community Rules
- Be kind
- Limit promotional activities
- Non-cybersecurity posts should be redirected to other communities within infosec.pub.
Enjoy!
founded 2 years ago
MODERATORS