Update: Nando’s is investigating a 'potential online breach', but so far has not found any leaks
- Nando's says it is aware of a "potential online breach" of its Firestarters platform, but that so far it has not found any sign on negligence on its part.
- Earlier Business Insider incorrectly reported that the site was disabled after an accusation of lax security.
- For more stories, go to Business Insider SA.
Nando’s South Africa has denied that it shut down its Firestarters survey platform after a customer raised concerns that his personal contact details were on display for others to see.
In a screenshot of a WhatsApp conversation posted on Monday evening, Twitter user Jarn Athern (@JonWithTheFace) detailed how he was contacted by a stranger.
The person said he got hold of Athern’s cellphone number through the FireStarter webpage.
In a reply to Athern’s thread, Cape Town software developer Darryn van der Walt said Google has been indexing the website’s private pages.
holy crap - google is indexing their private pages. if you google nandos firestarters you'll see what should be private pages with private details showing up in the results. it looks like their sessions are crossing over between users. fire those developers! pic.twitter.com/Mq6Zj4OBgF— ??! (@darrynvdwalt) July 22, 2019
Business Insider South Africa independently verified that a page containing personal information was reachable through Google.
The page contained a cellphone number, cellular network and email address.
Business Insider previously incorrectly reported that the Firestarters website was de-activated: while the Firestarters.co.za page is not functional, the main portal page Firestarters.co.za/hub was working.
“Nando’s South Africa is aware of a potential online breach on their Firestarters survey platform," a spokesperson said.
"After extensive work it appears that only two people have been affected and we have been in touch with them as part of our full investigation. We have increased further security measures to prevent possible exposure of personal details and will update our fans on further steps to be taken once our investigation is concluded.
There is no evidence that there was any negligence on Nando's side, a spokesperson told Business Insider.
Nando's says that at this stage it looks like the problem was due to "user error".
We are aware of a possible breach on the Firestarters platform relating to two surveys. So far only two people may have been affected, We are in touch with them as part of our investigation. We increased security and will keep you updated.— NandosSA (@NandosSA) July 23, 2019
However, there is still no clear explanation how it was possible to access the cached Google information.
The FireStarter community, launched in 2013, was a group of Nando’s South Africa customers which gave the fast-food retailer feedback on its offerings.
UPDATE: Early on Tuesday afternoon Nando's issued the following statement on the issue.
Nando’s South Africa would like to clarify the latest news around a claimed data breach circulated in the media today. Facts to date:·
- A link to a private Nando’s Firestarters survey was shared on Twitter in 2014.
- The details of the page shared resurfaced as a data breach.
- Nando’s would like to clarify that this is not a data breach, and is instead a circulation of a cached (temporarily stored) page.
- This private link was shared, despite this action being against our T’s and C’s – we have reached out to the customer, and understand that this was not intentional.
- As soon as the Nando’s team were notified of this circulation, we launched an investigation and can confirm that no further user data is at risk.
- Our investigation is looking into how one old page was cached, we have already requested that Google remove any cached pages, and will confirm once we are clear this has taken place.
- Nando’s would like to assure all its Firestarters that their personal details and data is secure, and we will provide ongoing updates as our investigation progresses.
Receive a single WhatsApp every morning with all our latest news: click here.
Also from Business Insider South Africa:
- How Markus Jooste used rugby – and Steinhoff money – to shoulder his way into Stellenbosch society
- These are the cheapest food franchises you can buy in South Africa - including King Pie, Sausage Saloon, and Corner Bakery
- One of the world's biggest companies wants to buy a local food giant – here's what it will mean for South Africans
- Polo Vivo has been SA's top-selling car for an astonishing 10 years - here's why
- These large companies are looking for new staff - including Nedbank, Discovery and Amazon