A flaw in McDonald’s McDelivery system in India could have allowed for the ability to order any number of menu items for $0.01. Sensitive information in the form of invoices for any order and the personal details for the delivery driver could also have been disclosed. This serves as a great reminder that while apps allow for customers to easily access services they can also present potential security compromises.
A great writeup on the methodology used to test the API is available here!