Update – Nando’s has stated that this security issue is not the result of a data breach, but was instead caused by the circulation of a cached survey page.
This private link was shared to Twitter in 2014 (an action which violates Nando’s terms and conditions) and was made accessible to all users after it was indexed by Google.
“As soon as the Nando’s team were notified of this circulation, we launched an investigation and can confirm that no further user data is at risk,” Nando’s said in a statement.
“Our investigation is looking into how one old page was cached, we have already requested that Google remove any cached pages, and will confirm once we are clear this has taken place.”
“Nando’s would like to assure all its Firestarters that their personal details and data is secure, and we will provide ongoing updates as our investigation progresses.”
The snapshot of the private survey in question is still accessible through Google Cache, which states that it was accessible via the “www.firestarters.co.za” domain at 19:59 GMT on 21 July 2019.
An updated version of the original article is below.
Nando’s has been made aware of an issue on its FireStarters website following a security detail which resulted in a user’s details being exposed online.
The FireStarters website prompted visitors to fill out a survey containing their personal details – including their full name, email, and cellphone number – to join the community and stand a chance to win prizes.
Certain completed surveys were indexed by Google, however, resulting in the cellphone number of a respondent being made available online.
Twitter user Jarn Athern discovered his number was available online after receiving odd messages on WhatsApp from a user who found his mobile number through the completed survey.
The company responded on Twitter, stating that it was aware of the problem and was working on the issue.
“We are aware of a possible breach on the Firestarters platform relating to two surveys,” Nando’s said.
“So far only two people may have been affected, We are in touch with them as part of our investigation. We increased security and will keep you updated.”
The Nando’s FireStarters South Africa website remains offline at the time of writing. Nando’s South Africa did not immediately respond to requests for comment.