Discussion
Loading...

Post

  • About
  • Code of conduct
  • Privacy
  • Users
  • Instances
  • About Bonfire
BobDaHacker 🏳️‍⚧️ | NB
@bobdahacker@infosec.exchange  ·  activity timestamp 4 weeks ago

🍔 Just collabed with @BobTheShoplifter on a MASSIVE SECURITY BREACH: We exposed how Restaurant Brands International (Burger King, Tim Hortons, Popeyes) left their drive-thru systems etc completely vulnerable.

🎯 What we found:
• Unauthenticated API access to ALL drive-thru locations globally
• Drive-thru voice recordings of customers accessible
• Employee PII exposed.
• Bathroom feedback systems with zero auth
• Hardcoded passwords in client-side code

The scope was insane - we could access any drive-thru system globally. Even listen to your actual drive-thru orders 👂

Credit to RBI for lightning-fast response once disclosed, but the privacy implications were staggering.

Full technical breakdown: https://bobdahacker.com/blog/rbi-hacked-drive-thrus

#InfoSec#CyberSecurity#ResponsibleDisclosure#Privacy#GDPR#API#GraphQL#SecurityResearch#VulnDisclosure#RestaurantBrands#BurgerKing#TimHortons#Popeyes #vulnerability

  • Copy link
  • Flag this post
  • Block
Log in

bonfire.cafe

A space for Bonfire maintainers and contributors to communicate

bonfire.cafe: About · Code of conduct · Privacy · Users · Instances
Bonfire social · 1.0.0-rc.3.1 no JS en
Automatic federation enabled
  • Explore
  • About
  • Members
  • Code of Conduct
Home
Login