- Passwords with hard coding the fragile security infrastructure of Burger King by Burger King worldwide
- Computer pirates agreed to employee accounts and internal configurations with a shocking ease
- Simple text passwords sent by email revealed careless cybersecurity practices
Restaurant Brands International (RBI), the parent company of Burger King, Tim Hortons and Popeyes, has been called by obvious security failures.
Two ethical hackers, known as Bobdahacker and Bobtheshopter, recently revealed how easily they got access to critical systems.
His findings, now filed after the original blog was taken, paint a worrying image of the cybersecurity of fast food.
Passwords that anyone could guess
One of the most surprising discoveries was a password encoded in the HTML of a team order website.
This would only have raised red flags, but the problems went beyond. In the transmission tablet system, the password was simply “administrator.”
Weak credentials such as these are generally trapped even by the most basic antivirus verifications and system audits.
For a global company that meets more than 30,000 points of sale, such supervision raises serious doubts about how little attention were paid to digital safeguards.
Computer pirates explained how they agreed to employee accounts, internal configurations and even unprocessed audio recordings of entry conversations.
These recordings sometimes contained personal information as customers ordered food, which were then processed by AI Systems to evaluate both staff and customers.
This access, although managed responsible by ethical computer pirates, highlights what could have happened in the wrong hands.
The exhibition also extended to strange corners of the business. The team discovered the code linked to the restaurant’s bathing screens.
Although he joked about leaving false house criticism, they attached to the responsible dissemination practices.
They emphasized that the client’s data were not retained, but the scope of their findings shows how open were the systems.
Ethical hackers described RBI’s security as “catastrophic” and “solid as a paper wrapper.”
That language can be ironic, but the defects were real.
They included an API that allowed anyone to register without restrictions and emails of simple text that contain passwords.
The duo even found ways to give access to administrator on all platforms.
These are the problems that the basic protection of ransomware and good malware elimination policies are intended to reduce.
However, the report shows that security foundations were overlooked to a corporate level, leaving all associated brands at risk.
According to reports, RBI solved the problems once informed, but the company did not publicly recognize ethical computer pirates.
That silence leaves open the question of whether the lessons will really be learned or if this was treated as a patch and movement event.
Via Hardware Toms
