McDonald’s Leaks Passwords For Monopoly Game Database

Share post:

An error in the McDonald’s Monopoly VIP game in the U.K. resulted in the login names and passwords for the game’s database being sent to all winners.

McDonald’s U.K. relaunched its popular Monopoly VIP game on August 25 after skipping a year due to the COVID-19 pandemic. Customers can enter codes found on food purchases to have a chance of winning a prize. These prizes include £100,000 in cash, a villa in Ibiza or U.K. getaway holiday, Lay-Z Spa hot tubs, among others.

Unfortunately, the game hit a rough edge over the weekend after a bug caused the usernames and passwords for both the production and staging database servers to be included in the payout emails to the winners.

According to Troy Hunt, the email contained hostnames for Azure SQL databases as well as the login names and passwords of the databases

The winner who shared the email with Troy Hunt stated that the production server was closed off, but that they could access the staging server using the access data contained in the e-mail.

Since these databases may have contained winning codes, it could have allowed individuals to access unused game codes to claim prizes.

Fortunately for the fast-food chain, this person responsibly disclosed the problem at McDonald’s, and although they did not receive a response, they later discovered that the staging server password had been changed.

For more information, read the original story in BleepingComputer.


Related articles

FBI rapidly hacks into Trump shooter’s phone, raises privacy concerns

Just two days after the attempted assassination at a Trump rally, the FBI announced it had gained access...

Disney investigating a potential major leak of internal communications

Disney is investigating a significant data breach by the hacking group Nullbulge, which claims to have accessed and...

Kaspersky to shut down its US business due to sanctions

Russian cybersecurity firm Kaspersky Lab announced it will cease its U.S. operations starting July 20, following sanctions from...

Google’s Gemini AI caught scanning private Google Drive documents without permission

Google's Gemini AI has come under fire for scanning private PDF documents in Google Drive without user consent....

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways