BobDaHacker describes how he found and reported several security vulnerabilities in the McDonald's app and internal systems. Initially, he discovered client-side validation issues that allowed users to exploit reward points. Subsequent investigations revealed serious flaws, including weak password protections, exposed API keys, and unauthorized access to employee information. After struggles to report these issues due to a lack of a proper security contact, he eventually contacted HQ by mentioning random employee names. McDonald's addressed many issues following his reports, but the process revealed a need for better security protocols and reporting channels.
https://bobdahacker.com/blog/mcdonalds-security-vulnerabilities

