Security researcher Bob Diachenko uncovered an unprotected database belonging to Burger King that was publicly accessible, allowing anyone to edit, download, or delete the data without needing admin credentials.
What information was exposed?
The leaky database exposed almost 37,900 records of customers of Kool King Shop, an online shop specifically for kids who buy Burger King menus.
The big picture
Bob Diachenko discovered the leaky database via a Shodan search and found that it had been left open without any protection since at least April 24, 2019.
“I did not notice ransom notes in the database, fortunately, but that doesn't necessarily mean that it wasn't accessed by somebody else,” Diachenko said.
Upon discovery, he notified Burger King administrators about the leaky database. Burger King immediately conducted an investigation and secured the database.
“We would like to thank you for your responsible disclosure of a possible security vulnerability in our infrastructure on certain customers’ data.
Data protection is critical to Burger King and we do take these matters very seriously. All the necessary actions legally required have been taken internally and with our service provider immediately after this incident came to our knowledge to ensure the effective resolution of the problem as well as the safety of our clients’ data. We are also liaising with the relevant national authority having jurisdiction in this respect.
We wanted to keep you informed that the issue has been investigated and that such possible vulnerability is now corrected,” Burger King said in a statement, BleepingComputer reported.