Burger King hacked – ethical hackers crack fast food security, and find it’s as fragile as a French fry
By Efosa Udinmwen
Copyright techradar
10 September 2025
The hackers found catastrophic flaws hiding in Burger King systems
Hard-coded passwords exposed Burger King’s fragile security infrastructure worldwide
Hackers accessed employee accounts and internal configurations with shocking ease
Plain-text passwords sent via email revealed careless cybersecurity practices
Restaurant Brands International (RBI), the parent company of Burger King, Tim Hortons, and Popeyes, has been called out for glaring security flaws.
Two ethical hackers, known as BobDaHacker and BobTheShoplifter, recently revealed how easily they gained access to critical systems.
Their findings, now archived after the original blog was pulled, paint a troubling picture of fast food cybersecurity.
Passwords that anyone could guess
One of the most startling discoveries was a password hard-coded in the HTML of an equipment ordering website.
This alone would have raised red flags, but the issues went further. In the drive-through tablet system, the password was simply “admin.”
Weak credentials like these are usually caught by even the most basic antivirus checks and system audits.
For a global company running over 30,000 outlets, such oversights raise serious questions about how little attention was given to digital safeguards.
The hackers explained how they accessed employee accounts, internal configurations, and even raw audio recordings of drive-through conversations.
Those recordings sometimes contained personal information as customers ordered food, which was later processed by AI systems to evaluate both staff and customers.
This access, while responsibly handled by the ethical hackers, highlights what could have happened in the wrong hands.
The exposure extended to odd corners of the business as well. The team uncovered code tied to restaurant bathroom rating screens.
Although they joked about leaving fake reviews from home, they stuck to responsible disclosure practices.
They stressed that no customer data was retained, but the scope of their findings shows how open the systems were.
The ethical hackers described RBI’s security as “catastrophic” and “solid as a paper Whopper wrapper in the rain.”
That language may be tongue-in-cheek, but the flaws were real.
They included an API that allowed anyone to sign up without restrictions and plain-text emails containing passwords.
The duo even found ways to grant themselves admin access across platforms.
These are the problems that basic ransomware protection and good malware removal policies are meant to reduce.
Yet the report shows that security fundamentals were overlooked at a corporate level, leaving every associated brand at risk.
RBI reportedly fixed the issues once informed, but the company did not publicly acknowledge the ethical hackers.
That silence leaves open the question of whether lessons will truly be learned or if this was treated as a patch-and-move-on event.
Via Tom's Hardware