I’m Lovin’ It: Exploiting McDonald’s APIs to hijack deliveries and order food for a penny
Eaton • Dec 19, 2024
News coverage: TechCrunch
Key Points / Summary
API flaws in the McDonald’s McDelivery system in India, one of the world’s most popular food delivery apps, enabled a variety of fun exploits:
The ability to order any number of menu items for ₹1 ($0.01 USD).
The ability to steal/hijack/redirect other people’s delivery orders through a specific sequence of carefully timed API calls.
The ability to retrieve the details of any order.
The ability to track any order in the “On the w...
Read more at eaton-works.com