Burger King Uses Copyright Law to Nix Security Research

Researcher Who Privately Reported Flaws Receives Legal Threat Mathew J. Schwartz (euroinfosec) • September 8, 2025

Burger King wants to have its way online by forcing a security researcher into taking down a blog post detailing security flaws allowing hackers to remotely eavesdrop on drive-through orders and access employees' personal information.

See Also: OnDemand | Transform API Security with Unmatched Discovery and Defense

Self-described ethical hacker "BobDaHacker" posted Saturday a blog post disclosing authentication bypass and other vulnerabilities in the "Assistant" system used by Toronto-based Restaurant Brands International, parent company to the hamburger chain as well as Tim Hortons, Popeyes and Firehouse Subs.

The "Assistant" system is deployed across RBI brands, BobDaHacker said in the now-deleted report, which remains archived online.

The blog post, titled "We Hacked Burger King," was up for less than 48 hours, until the researcher said they received a copyright infringement notice transmitted by ...