Restaurant Brands International (RBI), owner of well-known chains such as Burger King, Popeyes, and Tim Hortons, has been the target of a cyber attack that revealed serious vulnerabilities in its IT security. Two hackers, known as BobDaHacker and BobTheShoplifter, published a blog detailing their findings, highlighting their ability to access all RBI establishments and listen to conversations in the drive-thrus. In the post, which was online briefly on September 6, the hackers expressed their surprise at what they called “terrible security practices.”
Cybersecurity is important
The hackers claimed that, although they had found catastrophic security flaws, they did not retain any customer data during their investigation, and assured that they followed responsible disclosure protocols. Their intention, according to them, was to expose security issues to improve the company’s protection. However, the blog post was removed 24 hours after its release, after RBI filed a DMCA complaint, although it can still be accessed through Wayback Machine.
Despite the seriousness of the situation, the hackers praised RBI’s response speed in addressing the identified vulnerabilities, although the company has not issued direct comments on the matter. “RBI’s response was impressive,” the attackers noted, reiterating that no customers were harmed during the process.
This incident highlights the need for companies to strengthen their security measures in an environment where cyberattacks are becoming increasingly common. The situation of RBI could serve as a serious reminder of the risks of digital security, and the fact that these vulnerabilities were discovered by hackers for improvement purposes should spark a debate on how companies manage their cyber defenses.
