A misconfiguration within the website for Burger King France has uncovered delicate knowledge that would have been used to launch a whopper of a cyberattack in opposition to the chain.
Researchers at Safety Affairs discovered the flaw and famous {that a} related 2019 misconfiguration had leaked data on youngsters who purchased Burger King menus.
The newest Burger King knowledge leak incident uncovered database credentials, and what researchers suppose are job posts and applicant knowledge. The analysts weren’t legally capable of view the contents of the database, the report famous.
By combining the compromised credentials with the location’s Google Tag Supervisor ID, risk actors might have modified the Tag ID to a container they management, and from there execute arbitrary code, the Safety Affairs group defined. The researchers additionally found a Google Analytics ID among the many uncovered knowledge, which might have been used to govern the location’s analytics.
The researchers alerted Burger King to the potential for cyberattacks stemming from the info publicity, and the issue has been fastened.
