Update: Nando’s is investigating a 'potential online breach', but so far has not found any leaks

Business Insider SA
  • Nando's says it is aware of a "potential online breach" of its Firestarters platform, but that so far it has not found any sign on negligence on its part. 
  • Earlier Business Insider incorrectly reported that the site was disabled after an accusation of lax security. 
  • For more stories, go to Business Insider SA.

Nando’s South Africa has denied that it shut down its Firestarters survey platform after a customer raised concerns that his personal contact details were on display for others to see.  

In a screenshot of a WhatsApp conversation posted on Monday evening, Twitter user Jarn Athern (@JonWithTheFace) detailed how he was contacted by a stranger. 

The person said he got hold of Athern’s cellphone number through the FireStarter webpage. 

In a reply to Athern’s thread, Cape Town software developer Darryn van der Walt said Google has been indexing the website’s private pages. 

Business Insider South Africa independently verified that a page containing personal information was reachable through Google. 

The page contained a cellphone number, cellular network and email address. 

A screenshot of the web page accessed by Business
A screenshot of the web page accessed by Business Insider South Africa. The personal details have been blurred.

Business Insider previously incorrectly reported that the Firestarters website was de-activated: while the page is not functional, the main portal page was working.

“Nando’s South Africa is aware of a potential online breach on their Firestarters survey platform," a spokesperson said. 

"After extensive work it appears that only two people have been affected and we have been in touch with them as part of our full investigation. We have increased further security measures to prevent possible exposure of personal details and will update our fans on further steps to be taken once our investigation is concluded.

There is no evidence that there was any negligence on Nando's side, a spokesperson told Business Insider. 

Nando's says that at this stage it looks like the problem was due to "user error".

However, there is still no clear explanation how it was possible to access the cached Google information. 

The FireStarter community, launched in 2013, was a group of Nando’s South Africa customers which gave the fast-food retailer feedback on its offerings. 

UPDATE: Early on Tuesday afternoon Nando's issued the following statement on the issue.

Nando’s South Africa would like to clarify the latest news around a claimed data breach circulated in the media today. Facts to date:·     

  • A link to a private Nando’s Firestarters survey was shared on Twitter in 2014.
  • The details of the page shared resurfaced as a data breach.
  • Nando’s would like to clarify that this is not a data breach, and is instead a circulation of a cached (temporarily stored) page.
  • This private link was shared, despite this action being against our T’s and C’s – we have reached out to the customer, and understand that this was not intentional.
  • As soon as the Nando’s team were notified of this circulation, we launched an investigation and can confirm that no further user data is at risk.
  • Our investigation is looking into how one old page was cached, we have already requested that Google remove any cached pages, and will confirm once we are clear this has taken place. 
  • Nando’s would like to assure all its Firestarters that their personal details and data is secure, and we will provide ongoing updates as our investigation progresses.

Receive a single WhatsApp every morning with all our latest news: click here.

Also from Business Insider South Africa:

Rand - Dollar
Rand - Pound
Rand - Euro
Rand - Aus dollar
Rand - Yen
Brent Crude
Top 40
All Share
Resource 10
Industrial 25
Financial 15
All JSE data delayed by at least 15 minutes Iress logo