Exploit: Misconfiguration
McDonald’s: Fast Food Chain
Risk to Business: 1.917 = Severe
The popular “Monopoly” game is back at McDonald’s in the UK, and winners received a surprise when the login names and passwords for the game’s database were made available to all winners. A Misconfiguration caused automated emails that went out to prize winners to contain the relevant usernames and passwords for both the production and staging database servers, allowing anyone to access the information. The missent information also included sensitive back-end info like hostnames for Azure SQL databases.
Individual Impact: The company contends that no customer inforation was compromised.
Customers Impacted: Unknown
How It Could Affect Your Customers’ Business Human error will always be the biggest enemy of cybersecurity. Ensure that mistakes like this don’t happen by making sure everone knows that they’re responsible for security and not just the IT team.
Source: Bleeping Computer