“A slip-up, a misconfiguration when creating their website and everything that goes with it,” said 19-year-old Paul, who asked that we not use his full name.
He’s a New Zealand university student and sort of a hacker hobbyist. He writes a cybersecurity blog using the pen name “MrBruh,” and his post about Chattr is titled, “How I pwned half of America’s fast food chains, simultaneously.” The term “pwned,” by the way, means compromised.
“It’s a very competitive market, so people have to get their products up and going before anyone else can. Because of that, shortcuts get made,” Paul said.
Paul and a couple of friends who conducted the hack with him said they contacted Chattr. The company didn’t respond to them personally, but in a LinkedIn post, wrote, “Our engineering team acted swiftly, initiating a comprehensive investigation to determine the extent of the breach. We are pleased to report that the vulnerability has been fixed.” Paul confirmed Chattr fixed the problem within a day of being alerted.