Blue Diamond Web Services

Your Best Hosting Service Provider!

December 19, 2024

Bugs in a major McDonald’s India delivery system exposed sensitive customer data

A major McDonald’s delivery system in India exposed the personal information of its customers and drivers due to several simple security flaws, TechCrunch has exclusively learned.

The flaws, discovered by security researcher Eaton Zveare, were found in the APIs of the delivery system associated with McDonald’s India (West & South), which is owned by Hardcastle Restaurants.

Zveare told TechCrunch that bugs in the company’s delivery system, McDelivery, meant anyone could access, hijack, redirect, or track orders in real time, or make legitimate orders for $0.01, by interacting with the company’s API, which apps and websites use for placing and tracking orders. This is because the API wasn’t properly checking that the person making a request was allowed to make it. The bugs also allowed access to invoices and provided the ability to submit feedback for customer orders.
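The missing check described above can be shown in a few lines. The following is an added illustration, not McDelivery code or anything from the researcher's report: the order store, the function names, and the sample access log are all constructed. It contrasts a lookup that trusts the supplied order ID with one that compares the authenticated caller to the order's owner, and shows a log review that flags callers who read other customers' orders.

```python
from collections import defaultdict

# Constructed sample data: order id -> owning customer id and personal details.
ORDERS = {
    1001: {"owner": "cust-a", "name": "A. Rao", "phone": "+91-00000-00001"},
    1002: {"owner": "cust-b", "name": "B. Shah", "phone": "+91-00000-00002"},
    1003: {"owner": "cust-c", "name": "C. Iyer", "phone": "+91-00000-00003"},
}

class Forbidden(Exception):
    """Raised when the caller is not allowed to read the requested order."""

def get_order_unchecked(order_id):
    # Flawed pattern: any caller who supplies an order id gets the record.
    return ORDERS[order_id]

def get_order_authorized(caller_id, order_id):
    # Hardened pattern: the server compares the authenticated caller with the
    # order's owner before returning anything. Unknown ids get the same error,
    # so the response does not reveal which ids exist.
    order = ORDERS.get(order_id)
    if order is None or order["owner"] != caller_id:
        raise Forbidden(f"caller {caller_id} may not read order {order_id}")
    return order

def flag_cross_owner_reads(access_log, threshold=2):
    # Log review: report callers that read orders belonging to at least
    # `threshold` distinct other customers.
    others = defaultdict(set)
    for caller_id, order_id in access_log:
        owner = ORDERS.get(order_id, {}).get("owner")
        if owner is not None and owner != caller_id:
            others[caller_id].add(owner)
    return {c: sorted(o) for c, o in others.items() if len(o) >= threshold}

# Constructed access log of (authenticated caller, requested order id).
SAMPLE_LOG = [("cust-a", 1001), ("cust-b", 1002), ("cust-c", 1001),
              ("cust-c", 1002), ("cust-c", 1003)]
```
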

The security flaws exposed the full names, email addresses, and phone numbers of McDonald’s India (West & South) customers, along with the vehicle numbers, profile pictures, and real-time locations of the restaurant chain’s drivers delivering orders.

Zveare found the vulnerabilities and reported them to the restaurant chain in July. They were fixed in late September, per the researcher.

McDonald’s India told TechCrunch that a “thorough verification of systems and logs” showed the flaws did not result in a breach of its customer data.

“We conduct regular audits and assessments to continuously strengthen our security measures, and have all the necessary enhancements implemented, ensuring all our systems are up to date and secure,” Sulakshna Mukherjee, a spokesperson at McDonald’s India (West & South), said in a statement emailed to TechCrunch.

McDonald’s India did not disclose the number of customers whose information may have been exposed by the bugs. However, the researcher told TechCrunch that the flaws exposed access to hundreds of millions of orders.

“The McDelivery (West & South) mobile app uses the same exact backend APIs as the website. As a result, both were vulnerable to the same exploits,” the researcher told TechCrunch.

This is not the first time McDonald’s India has exposed its customers’ sensitive data. In 2017, the delivery app of McDonald’s India (West & South) leaked the personal information of about 2.2 million customers.

Keep reading the article on Tech Crunch


Indian startups raised 32% fewer rounds in 2024 as VCs got selective

Indian startups raised 32% fewer funding rounds in 2024 compared to last year, per new numbers from data intelligence platform Tracxn, signaling that investors are being more selective when striking deals.

The number of startup funding rounds fell to 1,448 compared to 2,114 last year, but overall funding rose 6% to $11.3 billion — the disparity here indicates that investors aren’t shy of whipping out their checkbooks when they want to.

Early-stage investment activity reflected the broader trend, with the number of Series A and Series B deals declining to 387 from 420 a year earlier, though the total capital invested remained steady at $3.16 billion. Fewer startups managed to raise seed funding this year, though, with transactions falling to 925 from 1,545, while funding contracted 22% to $970 million.

Late-stage funding underscored the market’s favor of larger deals, with startups raising 136 Series C and later rounds for a total of $7.13 billion this year — a 12% increase in capital despite lower volume. Startups raised 20 rounds worth more than $100 million in 2024, compared with 18 such rounds in 2023.

India startup and venture snapshot, 2024. Image Credits: Tracxn

The public markets emerged as a bright spot, with over 40 startups completing IPOs — an 80% increase from 2023. Swiggy’s $1.35 billion listing last month was this year’s largest tech IPO globally.

A pipeline of more than 20 startups, including quick-commerce group Zepto, and business-to-business marketplace Infra.Market, are preparing to go public in 2025.

A number of early-stage startup deals are also in the works, sources tell me: Quick-commerce startup Swish is in talks to raise about $15 million; Premji Invest in talks to back Digitap; Spotdraft is seeking to raise a debt round; WhistleDrive is in talks to secure about $11 million; Vodex.ai is in advanced stages of discussions to secure about $10 million to $15 million; and 91squarefeet, Galaxeye.space, R for Rabbit, and Biryani by Kilo are in advanced stages of deliberations to close new rounds.

Keep reading the article on Tech Crunch

