
A hacker who goes by the name The McFlurry bandit has compromised McDonald's twice in recent weeks.
The first attack came on 10th January, when the attacker posted that they had compromised the McDonald's GitHub repo and released source code.

Various security researchers have studied the data and stated that it does appear to have come from McDonald's. The files contain configuration data, code assets, script files, Docker configuration files, and AWS Lambda functions.

A number of the code assets contain references to MCD – most likely a reference to McDonald's.

Reposted data
The original leak was posted by The McFlurry bandit, who also goes by the online name of Ignacio, but since then other users have downloaded and subsequently reposted the data. One user (Euphoria) reposted the data on a dark web forum within a few hours of the original leak.

There is potential for other threat actors to examine these code snippets and abuse the API keys contained within them to further compromise McDonald's systems and customers.
2nd Attack
Yesterday, the McFlurry Bandit posted another image indicating that they had further compromised the McDonald's network – this time by leveraging the MOVEit vulnerability, which was a huge issue last year.

This latest screenshot indicates that they have now managed to infiltrate corporate systems via the MOVEit vulnerability – most likely by leveraging credentials found in the GitHub data.
MOVEit
The MOVEit vulnerability was first identified back in June 2023, after the Cl0p gang abused it to gain access to the systems of numerous companies, including payroll operator Zellis. It was later discovered that many hundreds of companies were impacted by the MOVEit attacks.
Security specialists Emsisoft keep a running tally of the organisations and individuals impacted by the MOVEit breach – the latest figures show 2,730 organisations and 94,233,632 individuals having been affected.
It looks like we can now add McDonald's Corp to that list.
