McDonald’s Leaks Passwords For Monopoly Game Database

Share post:

An error in the McDonald’s Monopoly VIP game in the U.K. resulted in the login names and passwords for the game’s database being sent to all winners.

McDonald’s U.K. relaunched its popular Monopoly VIP game on August 25 after skipping a year due to the COVID-19 pandemic. Customers can enter codes found on food purchases to have a chance of winning a prize. These prizes include £100,000 in cash, a villa in Ibiza or U.K. getaway holiday, Lay-Z Spa hot tubs, among others.

Unfortunately, the game hit a rough edge over the weekend after a bug caused the usernames and passwords for both the production and staging database servers to be included in the payout emails to the winners.

According to Troy Hunt, the email contained hostnames for Azure SQL databases as well as the login names and passwords of the databases

The winner who shared the email with Troy Hunt stated that the production server was closed off, but that they could access the staging server using the access data contained in the e-mail.

Since these databases may have contained winning codes, it could have allowed individuals to access unused game codes to claim prizes.

Fortunately for the fast-food chain, this person responsibly disclosed the problem at McDonald’s, and although they did not receive a response, they later discovered that the staging server password had been changed.

For more information, read the original story in BleepingComputer.

SUBSCRIBE NOW

Related articles

Hamilton Estimates $52 Million to Rebuild IT Systems After Ransomware Attack

The city of Hamilton plans to spend $52 million over the next three years to rebuild and secure...

Avery Data Breach: Credit Card Skimmer Affects Over 61,000 Customers

Label maker Avery has disclosed a data breach affecting 61,193 customers, caused by a credit card skimmer that...

Scammed Company Ordered to Pay $190k for Fraudulent Invoice Payment

A hacker gained access to Mobius Group’s email system and sent instructions from a legitimate email address, directing...

Sneaky 2FA: A Sophisticated Attack Defeats Both 2FA and Phishing Protections

A new phishing kit, ominously named "Sneaky 2FA," has emerged, targeting Microsoft 365 users by bypassing two-factor authentication...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways