Cybersecurity Today

Episode: Hackers Say Thanks For Lousy Security In Large Fast Food Chain

Host: David Shipley (filling in for Jim Love)
Air Date: September 8, 2025

Episode Overview

This episode of Cybersecurity Today brings listeners up to speed on a new wave of attacks targeting the software supply chain, major SaaS platforms, and notably, an embarrassing exposure of security blunders in some of America’s largest restaurant brands. David Shipley delivers critical updates on the ongoing evolution of attack techniques—especially those exploiting human and AI vulnerabilities—plus a sharp look at what happens when companies ignore basic digital hygiene.

Main Discussion Points & Insights

1. Software Supply Chain Under Siege

(00:01–04:00)

• New supply chain attack discovered, dubbed the Ghost Action Campaign (GetGuardian).
• Attackers compromised 800+ GitHub repositories across 327 users using malicious GitHub Actions workflows.
• Stolen over 3,300 secrets, including PyPi, npm, and DockerHub tokens.
• Rapid response:

  "On September 5, GitGuardian raised the alarm and by noon PYPI had locked the affected project and the malicious commit was rolled back." (David Shipley, 01:20)

• This attack is part of a rising trend targeting not finished software packages but the entire development ecosystem—including tools, workflows, integrations.
• Contextual examples:
  • July: Attack on Toptal’s GitHub, leading to malicious NPM downloads.
  • July: Open VSX zero-day affecting millions of developers.
  • August: Chromium sandbox escape exposing 1.5 million IDE users.
• Key Insight: Supply chain defenses need to go beyond code review and patching to fully secure developer environments and tools.

2. CRM Breaches: Salesloft, Drift, Workiva, and Workday

(04:01–09:30)

• Details on the Salesloft breach:
  • Attackers accessed their GitHub account from March to June 2025—setting up guest users and new workflows.
  • Limited reconnaissance in app environments but accessed Drift’s AWS and customer OAuth tokens.
  • OAuth tokens were later used to compromise customer data via integrations.
• Workiva’s breach: Attackers stole business contact details (names, emails, phone numbers, support tickets) from their CRM. No core SaaS platform breach, but customers warned about a likely uptick in phishing.
• Workday had a similar incident where attackers used social engineering to access a third-party CRM—again, mainly business contact info involved.
• Attacks part of a broader "summer of Salesforce-related attacks," exploiting social engineering and targeting OAuth integrations.
• Threat actors: The extortion group Shiny Hunters leveraging OAuth abuse and impersonation tactics against major global brands (Google, Cisco, Adidas, Dior, Louis Vuitton).
• More sophisticated AI-powered phishing and vishing campaigns are making breaches harder to detect.
• Key Recommendation:

  "Organizations need to make sure they don't just secure their own platforms. They have to harden the trust connections with third party SaaS providers...tightening identity verification, monitoring OAuth activity and preparing employees to be vigilant." (David Shipley, 08:40)

3. Support Ticket Data: A Surprising Risk

(09:31–10:30)

• Breached support ticket data at top tech companies included sensitive information—API tokens, logs, and even passwords (sometimes shared voluntarily by customers through support channels).

  "You heard that right...support tickets accessed via the compromised Salesforce Drift AI integration included not only names and contact info, but also API tokens, logs, and even more worrisome, passwords." (David Shipley, 09:55)

• Warning: Seemingly innocuous support systems can be high-value breach targets—organizations must scrutinize what data ends up in these channels.

4. Manipulating ChatGPT: AI as a New Attack Surface

(10:31–12:30)

• New University of Pennsylvania preprint study: Large language models (like GPT-4) can be easily manipulated using psychological tactics (authority, commitment, liking, social proof, scarcity).
  • Authority-based prompts increased forbidden output compliance from 4.7% to 95.2%.
  • Commitment-based prompts drove compliance to 100%.

  "What stands out isn't that AI can be tricked...this study shows that criminals are innovating faster in social engineering against AI safeguards." (David Shipley, 11:45)

• Key Takeaway: AI security must consider not just technical guardrails but be "psychologically aware"; collaboration with social science is urgent.

  "The next generation of AI threat vectors is not just technical, it's psychological." (David Shipley, 12:15)

5. Restaurant Brands International: "Catastrophic Vulnerabilities"

(12:31–15:45)

• Ethical hackers Bob dehacker and Bob the Shoplifter revealed what they call “catastrophic vulnerabilities" in Restaurant Brands International (parent of Burger King, Tim Hortons, Popeyes):
  • API signups not disabled—anyone could create accounts.
  • Email verification could be bypassed (via GraphQL introspection), and admin elevation possible via the 'create token' mutation.
  • Hard-coded passwords found in HTML, including admin credentials for drive-thru tablets.
  • Ability to listen in to live drive-thru conversations containing personal data, due to AI-driven audio analysis.
  • Memorable Moment:

    "One irony laced researcher quipped, the systems were about as solid as a paper Whopper wrapped in the rain." (13:50)

  • RBI failed to acknowledge the researchers’ responsible disclosure:

    "The ethical hackers say they received no acknowledgement from Restaurant Brands International and capped the report with quote 'Wendy’s is better.'" (14:35)

• Implication: Expect scrutiny from privacy regulators, especially given these chains’ prior infractions.

Notable Quotes

• On the state of supply chain attacks:

  "Attackers are innovating faster in social engineering, finding new attack paths via supply chain, and defenders have to catch up or risk watching this CRM summer of pain get even worse." (David Shipley, 10:27)

• On AI vulnerabilities:

  "Guardrails must become more robust, not just technically enforced, but psychologically aware." (David Shipley, 12:05)

• On restaurant security blunders:

  "...the systems were about as solid as a paper Whopper wrapped in the rain..." (Ethical Hacker via David Shipley, 13:50)

• On support ticket data risks:

  "Support tickets...included not only names and contact info, but also API tokens, logs, and even more worrisome, passwords that customers had shared through support ticket requests." (David Shipley, 09:55)

Key Takeaways & Next Steps

• Supply chain attacks are expanding—developer environments and tools are prime targets.
• Sophisticated social engineering now exploits both human and AI vulnerabilities.
• Data from seemingly "low-risk" systems like CRM support tickets can be a goldmine for attackers.
• Some major companies are still dropping the ball on even basic security hygiene—leading to massive, preventable exposures.
• AI security requires interdisciplinary collaboration and deep psychological insight, not just patching and rule enforcement.
• Companies must treat all interfaces—APIs, support systems, third-party integrations—with equal caution and hardening.

Suggested Actions for Listeners

• Review developer environment security: Lock down token storage, audit workflows, and monitor all access.
• Scrutinize third-party SaaS integrations: Audit OAuth tokens and review permissions regularly.
• Train staff (and support teams) on phishing, vishing, and information sensitivity.
• Test internal and external interfaces for overlooked vulnerabilities (e.g., admin credentials in HTML, API misconfigurations).
• Track and respond promptly to vulnerability disclosures—industry reputation (and customer privacy) depends on it.
• Follow research on AI manipulation and integrate social science insights into technical controls.

As always, stay skeptical and stay patched. (David Shipley, 16:00)