McDonalds’ SuperSized Cyber Screw Up
Podcast: The Small Business Cyber Security Guy | Cybersecurity for SMB & Startups
Published On: Thu Jul 10 2025
Description: Show Guide: When Basics Break - Special Bonus Episode
Duration: 9 minutes | Type: Special Episode

Episode Summary
McDonald's password "123456" exposed 64 million job applications. M&S lost £300M to a phone call. Our full team dissects how basic security failures are destroying major brands and what small businesses must learn.

Featured Team
- Noel Bradford - Lead Host
- Mauven MacLeod - Ex-NCSC Specialist
- Oliver Sterling - Cybersecurity Veteran
- Dr. Sarah Chen - AI Security Researcher

Key Segments & Timestamps

🍟 McDonald's AI Disaster (0:00-3:00)
- Paradox.ai hiring bot secured with "123456" password
- IDOR vulnerability exposed all applicant data
- Vendor blamed "dormant 2019 test account"
- Lesson: AI features don't fix basic security

📞 M&S & Co-op Phone Scams (3:00-6:30)
- £300M lost at M&S, 20M records at Co-op
- Help desk reset admin passwords without verification
- Attackers gave BBC interviews while inside systems
- Lesson: Vendor security failures become yours

🌍 Global Security Catastrophes (6:30-9:00)
- AT&T: 73M accounts leaked
- Change Healthcare: $22M ransom, data still lost
- 23andMe: Genetic profiles exposed via credential stuffing

Key Takeaways

✅ Do The Boring Stuff:
- Strong passwords + MFA everywhere
- Regular patching and updates
- Proper help desk procedures

✅ Vendor Due Diligence:
- Ask about password policies
- Implement call-back verification
- If they can't answer security questions, walk away

✅ AI Reality Check:
- Shiny features don't compensate for weak foundations
- Basic vulnerabilities still dominate breaches

Episode Highlights
"It's the old 'move fast and break things' mindset, but now it's people's personal data on the line." - Dr. Sarah Chen
"A simple call-back to a registered number would've stopped the whole thing." - Mauven MacLeod

Immediate Actions for Small Business
- Change any "123456" or "password" credentials NOW
- Enable MFA on all business accounts today
- Create help desk verification procedures
- Audit vendor security practices

Content Notes
Real company breaches discussed. Some strong language regarding security failures. Essential listening for business owners who think "it won't happen to us."

Remember: If major corporations with unlimited budgets fail at basics, small businesses need to be even more vigilant.

#Cybersecurity #DataBreach #SmallBusiness #PasswordSecurity