When you purchase through links on our site, we may earn an affiliate commission.Heres how it works.
For the drivers, it exposed vehicle numbers, profile pictures, and tracked real-time location of their deliveries.
Besides, the bug allowed people to access, hijack, redirect, or track orders in real-time.
They could also make orders for as little as $0.01.
Allegedly, no threat actors stumbled upon this bug, and no customers were actually exposed.
The McDelivery (West & South) mobile app uses the same exact back-end APIs as the website.
As a result, both were vulnerable to the same exploits, the researcher told the publication.
