
Hacker Exploits KFC’s App Vulnerability to Score Discounted Chicken, Highlights Cybersecurity Concerns

by Nick

A hacker in Australia has found an unconventional way to secure discounted fried chicken from KFC, exposing what he describes as “very bad cybersecurity” within the company’s app.

The anonymous hacker, known online as “AwesomeAndrew,” revealed his method on the Australian deal-hunting website OzBargain. He explained that by exploiting weaknesses in the KFC app’s validation system, he could manipulate the ordering process to receive substantial discounts. This method, according to AwesomeAndrew, involves executing a replay attack on the add-to-cart request, taking advantage of client-side validation rather than server-side security measures.
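A defensive sketch of the server-side validation that the add-to-cart flow described above relies on the client for, as an added example that is not from the original article or from KFC's code. The catalogue, offer code, field names and `CartService` class are hypothetical, and `account` is assumed to come from the authenticated session rather than the request body.

```python
# Constructed sample data: prices in cents, one single-use offer.
CATALOG = {"zinger-box": 1295}
OFFERS = {"HALF-OFF": {"item": "zinger-box", "percent": 50, "max_uses": 1}}


class CartService:
    """Hypothetical server-side add-to-cart handler."""

    def __init__(self):
        self.redeemed = {}        # (account, offer code) -> redemptions so far
        self.seen_ids = set()     # (account, request_id) pairs already processed
        self.carts = {}           # account -> list of (item, price_cents)

    def add_to_cart(self, account, request):
        rid = request.get("request_id")
        if not rid or (account, rid) in self.seen_ids:
            return {"ok": False, "reason": "duplicate or missing request_id"}
        item = request.get("item")
        if item not in CATALOG:
            return {"ok": False, "reason": "unknown item"}
        price = CATALOG[item]     # any client-sent "price" field is never read
        code = request.get("offer")
        if code is not None:
            offer = OFFERS.get(code)
            if offer is None or offer["item"] != item:
                return {"ok": False, "reason": "offer not valid for item"}
            used = self.redeemed.get((account, code), 0)
            if used >= offer["max_uses"]:
                return {"ok": False, "reason": "offer already redeemed"}
            self.redeemed[(account, code)] = used + 1
            price = price * (100 - offer["percent"]) // 100
        self.seen_ids.add((account, rid))
        self.carts.setdefault(account, []).append((item, price))
        return {"ok": True, "price_cents": price}


def demo():
    svc = CartService()
    first = {"request_id": "r1", "item": "zinger-box", "offer": "HALF-OFF", "price": 1}
    return [
        svc.add_to_cart("alice", first),                              # accepted once
        svc.add_to_cart("alice", dict(first)),                        # exact replay
        svc.add_to_cart("alice", dict(first, request_id="r2")),       # replay, new id
        svc.add_to_cart("alice", {"request_id": "r3", "item": "zinger-box", "price": 1}),
    ]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

Because the price and the redemption count live on the server, a replayed request is either rejected or charged at the catalogue price, whatever the client sends.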


The hacker emphasized that this technique currently works only on computers, not on handheld devices, but suggested that vulnerabilities in the app might make similar exploits possible.


OzBargain, a platform popular for sharing money-saving tips, has seen numerous posts over the years focused on obtaining deals from KFC. The site, established in 2006, has featured a total of 748 deals related to the fast-food chain, including promotions initiated by KFC itself.


One of the earliest hacks posted on OzBargain dates back to 2020, when a user named “drezy” shared a method to purchase pieces of Original Recipe Chicken or Tenders at reduced prices through the KFC app. These hacks, while popular among bargain hunters, have raised ethical and legal concerns regarding unauthorized access and potential criminality.


AwesomeAndrew justified his actions by arguing that such exploits serve to highlight flaws in corporate cybersecurity practices, urging companies like KFC to prioritize stronger security measures.

However, some users on OzBargain cautioned against the ethical implications of exploiting security vulnerabilities, noting that bypassing security protocols could be considered unlawful. They emphasized the importance of robust cybersecurity frameworks, especially for multinational corporations like KFC, which have previously experienced significant cyberattacks.

KFC, no stranger to cybersecurity issues, has faced previous breaches, including a notable incident in 2016 where hackers compromised the Colonel’s Club loyalty program in the UK. This incident prompted KFC to notify over 1.2 million members about the breach and advise them to change their passwords as a precautionary measure.

As KFC continues to address vulnerabilities in its online systems, incidents like these underscore the ongoing challenges faced by companies in safeguarding customer data and maintaining secure digital platforms.

For now, the debate over the ethical implications of hacking for discounts continues, while companies like KFC are urged to enhance their cybersecurity protocols to protect customer information effectively.
