Industry News

McDonald’s Thailand Serves 2000 Customers with a Side of Data Leak

Some 2,000 McDonald’s customers in Thailand have had their data exposed following a successful data breach claimed by a group of Turkish hackers that also breached the Hungarian division of Pepsi.

According to a report published by the CyberWarnews outlet , the hack carried by the Turkish Agent Hacker Group yielded physical and e-mail addresses, phone numbers, and registration dates as well as other private information. These details were dumped on Pastebin.

Yesterday’s hack was no sophisticated attack – it was possible because of the default administrative login credentials “administrator” and “password”.

It appears that the hack of the McDonald’s Thai website is also a form of religious protest, just as in the case of the Pepsi breach. Yesterday’s incident, however, ended with serious collateral damage: 2,000 innocent users’ private information making it on the Internet.

Although the leaked information does not contain credit card numbers or other financial information, it may be used in targeted voice phishing attacks.

About the author

Bogdan BOTEZATU

Bogdan Botezatu is living his second childhood at Bitdefender as senior e-threat analyst. When he is not documenting sophisticated strains of malware or writing removal tools, he teaches extreme sports such as surfing the web without protection or rodeo with wild Trojan horses. He believes that most things in life can be beat with strong heuristics and that antimalware research is like working for a secret agency: you need to stay focused at all times, but you get all the glory when you catch the bad guys.