Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Burger King Serves Up Sensitive Data, No MayoBurger King Serves Up Sensitive Data, No Mayo
The incident marks the second time since 2019 that a misconfiguration could have let threat actors "have it their way" when it comes to BK's data.
1 Min Read
Source: Neville Styles via Alamy Stock Photo
A misconfiguration in the site for Burger King France has exposed sensitive data that could have been used to launch a whopper of a cyberattack against the chain.
Researchers at Cybernews found the flaw and noted that a similar 2019 misconfiguration had leaked information on kids who bought Burger King menus.
The most recent Burger King data leak incident exposed database credentials, and what researchers think are job posts and applicant data. The analysts weren't legally able to view the contents of the database, the report noted.
By combining the compromised credentials with the site's Google Tag Manager ID, threat actors could have changed the Tag ID to a container they control, and from there execute arbitrary code, the Security Affairs team explained. The researchers also discovered a Google Analytics ID among the exposed data, which could have been used to manipulate the site's analytics.
The researchers alerted Burger King to the potential for cyberattacks stemming from the data exposure, and the problem has been fixed.
About the Author
You May Also Like
More Insights
Webinars
Uncovering Threats to Your Mainframe & How to Keep Host Access Secure
Feb 13, 2025Securing the Remote Workforce
Feb 20, 2025Emerging Technologies and Their Impact on CISO Strategies
Feb 25, 2025How CISOs Navigate the Regulatory and Compliance Maze
Feb 26, 2025Where Does Outsourcing Make Sense for Your Organization?
Feb 27, 2025
_vska_Alamy_.jpg?width=700&auto=webp&quality=80&disable=upscale)
_Brain_light_Alamy.jpg?width=700&auto=webp&quality=80&disable=upscale)