What happens when you don’t acknowledge ethical hackers? Sometimes nothing, but sometimes you get a lot of negative coverage. Tom’s Hardware reports:
Ethical hackers BobDaHacker and BobTheShoplifter have detailed their claim that they uncovered “catastrophic” vulnerabilities in multiple platforms hosted by Restaurant Brands International (RBI). While RBI may not be a very familiar name, this lax security means that systems powering mega brands like Burger King, Tim Hortons, and Popeyes, with over 30,000 locations worldwide, and all were almost trivially easy to hack. “Their security was about as solid as a paper Whopper wrapper in the rain,” snarks the BobDaHacker blog, sharing the full technical exposé (the blog has since been taken down, but it’s archived here).
The vulnerabilities found were a big deal, as we will detail below, including allowing the duo to access employee accounts, ordering systems, and listen to recorded drive-thru conversations, among other exploits. Despite this, the ethical hacking duo that responsibly informed RBI of the flaws were never acknowledged.
Read more at Tom’s Hardware.
