DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Official Mcdonald’s Austria, Taiwan & Korea Hacked. Over 200k Credentials Leaked

Posted on March 28, 2013 by Lee J

mchackedTurkish Ajan hacker group member Maxney has been at it again this time taking sights to fast food giant McDonald’s (again). Maxn3y and another hacker using the handle xXM3HM3TXx have breached the official sites for Austria (https://mcdonalds.at/), Taiwan (https://mcdonalds.com.tw/) and as a result over 200,000 credentials from various parts of the sites have been leaked via file sharing site speedyshare.com in the format of a compressed file totaling 15.41 MB and uncompressed size of about 20MB. The attack has also left the Korean based domain (https://www.mcdonalds.co.kr/) hacked with a new page which at time of publishing had been restored but an archive can be found here or seen below. hacked-by-turkish-agent The leaked data is split into two folders named which contains .xls files with user credentials from people who have used a web based resume system for applying for jobs at the taiwan based site as well as volunteer details and a old messages database with small amount of entry’s dated back to 2008. It also contains a 15mb xls file that has full user credentials in it for the taiwan based site and a 5mb file of user credentials from the Austrian based site. The attack has left users names, email address and encrypted passwords as well as other information like gender, location, date of birth and more. All together there is 226k accounts from the taiwan based site and 21k accounts from the Austrian based site. mc4 Id like to note to that a lot of the names, locations and other details from the Taiwan database is in Taiwanese as you can see above while the Austrian one is all in English. Its also not the first time Maxney has taken sights to McDonald’s with an attack last year in October being aimed at the Official Thailand domain leaving it hacked after they gained access to its administration control and leaked about 1,900 accounts details online. So its really any wonder when all these big name global company’s will start enforcing proper security to prevent users personal information being distributed across file sharing sites for anyone to obtain.

Category: Breach Incidents

Post navigation

← How Private Data Became Public on Amazon’s Cloud
Two HIPAA breaches involving Mid America Health that flew under the media radar →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • WestJet investigates cyberattack disrupting internal systems
  • Plastic surgeons often store nude photos of patients with their identity information. When would we call that “negligent?”
  • India: Servers of two city hospitals hacked; police register FIR
  • Ph: Coop Hospital confirms probe into reported cyberattack
  • Slapped wrists for Financial Conduct Authority staff who emailed work data home
  • School Districts Unaware BoardDocs Software Published Their Private Files
  • A guilty plea in the PowerSchool case still leaves unanswered questions
  • Brussels Parliament hit by cyber-attack
  • Sweden under cyberattack: Prime minister sounds the alarm
  • Former CIA Analyst Sentenced to Over Three Years in Prison for Unlawfully Transmitting Top Secret National Defense Information

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Anne Wojcicki Wins Bidding for 23andMe
  • Would you — or wouldn’t you?
  • New York passes a bill to prevent AI-fueled disasters
  • Synthetic Data and the Illusion of Privacy: Legal Risks of Using De-Identified AI Training Sets
  • States sue to block the sale of genetic data collected by DNA testing company 23andMe
  • AI tools collect and store data about you from all your devices – here’s how to be aware of what you’re revealing
  • 23andMe Privacy Ombudsman Urges User Consent Pre-Data Sale

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.