The ethical hacker known as BobDaHacker, who previously exposed vulnerabilities in McDonald's and Pudu Robotics, has turned their attention to Restaurant Brands International (RBI), uncovering significant security flaws across its major brands: Burger King, Tim Hortons, and Popeyes.
With over 30,000 locations worldwide, RBI’s vast network has now come under scrutiny, revealing a troubling lack of cybersecurity measures.
The discovered vulnerabilities granted BobDaHacker access to employee accounts, order processing systems, and even the ability to eavesdrop on audio recordings from automated kiosks.
Among the critical issues were the potential to bypass user verification, obtain administrative privileges, and exploit passwords hardcoded into the HTML code of RBI’s websites. These lapses highlight a systemic failure in protecting sensitive data, putting millions of customers and employees at risk.
Despite submitting detailed reports of these vulnerabilities, BobDaHacker received no response from RBI. Instead of addressing the security concerns, the restaurant chain escalated the situation by filing a Digital Millennium Copyright Act (DMCA) takedown notice against the hacker’s blog.
The complaint cited unauthorized use of the "Burger King" trademark in the published investigation, forcing BobDaHacker to remove the post. However, an archived version of the content remains accessible via the Wayback Machine, preserving the evidence of the breach for public scrutiny.
Also read:
- Found Sex on Tinder? Congratulations, You Might Be a Psychopath or Have Low Standards, Says Stats
- For Those Missing the Office: Discover the Office Noise Generator
- Dating Scene Introduces New Term: "Shreking" – Lowering Appearance Standards Comes with a Cost
This move by RBI has drawn sharp criticism, with many viewing the DMCA action as an attempt to silence a whistleblower rather than confront the underlying issues. The lack of official comment from RBI only deepens the controversy, leaving questions about the company’s commitment to cybersecurity and transparency. BobDaHacker’s relentless efforts continue to expose corporate vulnerabilities, but this latest incident underscores the challenges faced by ethical hackers when corporations prioritize legal retaliation over resolution.
