'123456' password exposed chats for 64M McDonald's job applicants (opens in new tab)

it’s a common expression to point out unbelievable moments in a story.

Chill out man, it’s a common ironic expression

Using numeric IDs on an outward facing object is, for the most part, totally fine. It's a serious tradeoff to ditch the nice properties of numerical IDs and the legibility they provide in order to cargo-cult a "we must reveal nothing" approach, as you would here via UUID. It also misses the point of the actual security lesson: no matter the identifier, you need to be applying access controls to your data. Even if your UUIDs were generated via 100% airtight cryptographically random sources, you have to, y'know, communicate with them. That means you'll probably leak them, expose them, or other folks will collect them (often incidentally via things like system logs). If all it takes to gain access to a thing is knowing the identifier of that thing, you've blown it in a huge way. Don't stress about the theoretical benefits of something like an opaque identifier and then completely neglect the necessary real world access control.

Can you tell I've been scarred by discussing designs with folks who focus on the "visible" problems without thinking about the fundamental question of "is this secure"?

Ok, this is probably a stupid, very bad, no good idea considering I've not heard of people doing this, but can't you retain many of the benefits of numerical IDs but also the secrecy of UUIDs by using an HMAC ?

With HMAC, you can still ask for some sequential IDs

SipHash128(0, KEY) = k_0

SipHash128(1, KEY) = k_1

You get the same number of bits as a UUID.

You can't, however, sort by IDs to get their insertion sequence, however. For that you'd need something like symmetric encryption but this is already a bad idea, no reason to make it worse.

Not impossible, just more difficult to guess.

"Security through obscurity" isn't really good enough.

The writeup never claimed that 123456:123456 were default credentials?

It can be confusing for new or infrequent users.

I use it once a week and I don't find it annoying at all, except for the bug where it will let you complete an order for an airport McDonald's, and then soon after automatically cancel the order.

The UI is atrocious.

I do computers for a living and can barely navigate and figure out what’s going on.

1. You can exchange privacy for 20% off.

2. Many franchises have a crummy PA system, so you can avoid this if you plan on using the drive-through.

3. Customization. It's very tedious for all involved to repeatedly request "no cheese", "no ice", "extra sauce", etc. for a very large (e.g., $100+) order.

Not McDonalds. But it is nice to browse options, make order list with whatever special selections like no onions, and just pay on phone for whole thing. Often being able to make the order when you are on the way and then pick it up soon after arriving.

I don't eat that junk but my understanding is McDonald's have segmented their customers into two groups:

1) People who just want to eat McDonald's now and don't care about apps. They will put up with the normal prices which are quite high now.

2) Cheapskate people who wouldn't go to McDonald's much due to the pricing, but can be enticed to go through deals in the app they are happy to jump through hoops to get.

My theory is they store payment information on the mobile app. The app connects to the store wifi automatically, even when going through the drive thru. And processes the payment then. I theorized it so they don’t store credit card info on their servers, simplifying their PCI audits. Presumably they think all that is better than preventing the app from running on rooted phones.

I have no idea... maybe they store their "coupons" locally and are afraid you'll clone them? Don't know, I eat there twice a year and it's not worth it :)

suhide in magisk makes my banking app work, but not mcdonalds :)

Which is 1,615 applicants per US franchise.

Seems totally reasonable to me.

2 shifts of 12 employees is 24 employees per day. Assume they all work there for 6 months on average, then if the system's been up for 10 years, that's 480 employees per franchise over a decade. Which means for every employee they hired, 2 were either rejected or chose not to work there.

Working at McD's is something a lot of people do for a few months when they're young.

Also is the unit identifier for a human an email? Then one living being might be seen twice or more

They use this site for hiring globally. The number of privacy regulators they will have to notify and deal with is going to make this messy.

Just in time for the sequel!

Earlier this year, Mel posted a video saying they are making a sequel.