A cybersecurity researcher has discovered a flaw in the McDonalds India (West & South) delivery system API, allowing access to sensitive customer information and enabling fraudulent orders. The bug, found by Eaton Zveare from Traceable AI, exposed customer names, email addresses, phone numbers, driver details, and order tracking capabilities. While the vulnerability was fixed in September 2024, McDonald’s assured that there was no data breach and that customer data remained secure. The company emphasized its commitment to regular security audits and enhancements to ensure the protection of customer information. Despite the potential risk posed by the bug, only the delivery system for India (West & South) was affected, while other regions and countries remained safe from exploitation.