2025-09-07 20:32:00
www.pcgamer.com
As reported by Tom’s Hardware, a pair of hackers successfully compromised the cybersecurity of Restaurant Brands International (RBI), which owns Burger King, Popeyes, and Tim Hortons. They uncovered “catastrophic” vulnerabilities so bad it led the hackers to comment, “We’re not even mad, just impressed by the commitment to terrible security practices.”
Those “terrible security practices” were alarmingly extensive. The hackers were able to:
- Easily access RBI’s Amazon Web Services (AWS) systems.
- Create new user accounts.
- Promote themselves to admin status.
- Access employees’ personal information.
- Order store equipment.
- Add and manage stores.
- Access store tablet interfaces.
- Access voice recordings of customers ordering at the drive-thru—which the pair allege are being used to train an AI model.
The pair of hackers explained their project and findings in a blog post that went live on September 6, only to be taken down within 24 hours and replaced with a notice that they received a DMCA complaint from RBI.
Luckily, the original blog post is still visible on the Wayback Machine, where it states: “We stumbled upon vulnerabilities so catastrophic that we could access every single store in their global empire.
“From a Burger King in Times Square to that lonely Tim Hortons where Bugs Bunny shoulda taken a left turn at Albuquerque. Oh, and did we mention we could listen to your actual drive-thru conversations? Yeah, that happened too.”
The hackers, “BobDaHacker” and “BobTheShoplifter,” have a stated mission of cracking systems to uncover security vulnerabilities and reporting them in an effort to improve security, rather than using this access for their own enrichment.
In terms of fixing the security loopholes the hackers found, the original blog post detailing the RBI hack states that, “RBI’s response time was impressive.” So, it sounds like at least some of the issues BobDaHacker and BobDaShoplifter found have been resolved, although they also said RBI didn’t directly respond to them or comment on the vulnerabilities the hackers reported.
It seems the Bobs accomplished what they set out to do, which was uncover and report major security flaws, though RBI thanked them with a DMCA complaint. While it’s concerning that RBI apparently had security this weak, it’s a good thing the Bobs discovered it before someone else could.
They even closed out their blog post by claiming that they didn’t store any data from their project: “No customer data was retained during this research. No drive-thru orders were harmed in the making of this blog post. Responsible disclosure protocols were followed throughout. We still think the Whopper is pretty good, but Wendy’s is better. So Long, and Thanks for All the Fish.”
Take your gaming to the next level! The Redragon S101 RGB Backlit Gaming Keyboard is an Amazon’s Choice product that delivers incredible value. This all-in-one PC Gamer Value Kit includes a Programmable Backlit Gaming Mouse, perfect for competitive gaming or casual use.
With 46,015 ratings, an average of 4.6 out of 5 stars, and over 4K+ bought in the past month, this kit is trusted by gamers everywhere! Available now for just $39.99 on Amazon. Plus, act fast and snag an exclusive 15% off coupon – but hurry, this offer won’t last long!
Help Power Techcratic’s Future – Scan To Support
If Techcratic’s content and insights have helped you, consider giving back by supporting the platform with crypto. Every contribution makes a difference, whether it’s for high-quality content, server maintenance, or future updates. Techcratic is constantly evolving, and your support helps drive that progress.
As a solo operator who wears all the hats, creating content, managing the tech, and running the site, your support allows me to stay focused on delivering valuable resources. Your support keeps everything running smoothly and enables me to continue creating the content you love. I’m deeply grateful for your support, it truly means the world to me! Thank you!
|
BITCOIN
bc1qlszw7elx2qahjwvaryh0tkgg8y68enw30gpvge Scan the QR code with your crypto wallet app |
|
DOGECOIN
D64GwvvYQxFXYyan3oQCrmWfidf6T3JpBA Scan the QR code with your crypto wallet app |
|
ETHEREUM
0xe9BC980DF3d985730dA827996B43E4A62CCBAA7a Scan the QR code with your crypto wallet app |
Please read the Privacy and Security Disclaimer on how Techcratic handles your support.
Disclaimer: As an Amazon Associate, Techcratic may earn from qualifying purchases.
