Turkish Ajan hacker group member Maxney has been at it again this time taking sights to fast food giant McDonald’s (again). Maxn3y and another hacker using the handle xXM3HM3TXx have breached the official sites for Austria (https://mcdonalds.at/), Taiwan (https://mcdonalds.com.tw/) and as a result over 200,000 credentials from various parts of the sites have been leaked via file sharing site speedyshare.com in the format of a compressed file totaling 15.41 MB and uncompressed size of about 20MB. The attack has also left the Korean based domain (https://www.mcdonalds.co.kr/) hacked with a new page which at time of publishing had been restored but an archive can be found here or seen below. 
The leaked data is split into two folders named which contains .xls files with user credentials from people who have used a web based resume system for applying for jobs at the taiwan based site as well as volunteer details and a old messages database with small amount of entry’s dated back to 2008. It also contains a 15mb xls file that has full user credentials in it for the taiwan based site and a 5mb file of user credentials from the Austrian based site. The attack has left users names, email address and encrypted passwords as well as other information like gender, location, date of birth and more. All together there is 226k accounts from the taiwan based site and 21k accounts from the Austrian based site. 
Id like to note to that a lot of the names, locations and other details from the Taiwan database is in Taiwanese as you can see above while the Austrian one is all in English. Its also not the first time Maxney has taken sights to McDonald’s with an attack last year in October being aimed at the Official Thailand domain leaving it hacked after they gained access to its administration control and leaked about 1,900 accounts details online. So its really any wonder when all these big name global company’s will start enforcing proper security to prevent users personal information being distributed across file sharing sites for anyone to obtain.
The Office of Inadequate Security
