He wouldn't have tweeted it if it was malicious -- he could have even kept it secret. What is it with HN? little pranks, reverse engineering, vulnerabilities, free ice-cream. I do not condone crime but let's be honest, he could have made money with his findings online...the person is just letting his curiosity go wild. If Yelp wants to fire him I'd take him in my company any day.
I agree there's tons of threads above us that have cobbled together assumptions to make it feel totally cool and no problem at all for the stores and backend.
I don't agree they know the impact, and it's just plain dumb to announce you're abusing a private API for fun under your real name and employer, it's equivalent to yelling "I abused my unauthorized access to a billionaire's computers!" in front of the billionaire and DoJ lawyers.
Everything will probably be fine but this was _not_ very smart.
You probably have a different definition of malicious than most of us.
What you're thinking is, "Did he do this to break things at McDonald's or actively hurt them in some way?"
But if he's hitting an internal API and creating a bunch of fake orders for the purpose of gathering data, that's malicious, whether or not it breaks anything on McDonald's side.
When will this guy realize that the only acceptable pastime for hackers, post-2020, is having long discussions that involve the word "policy" many times?
It is all hipsters now; hackers having fun not for profit r long gone in another era. Lets see how fast this kid gets himself behind bars for trying to outwit a corporation. I agree that he overdid it but he might only see his wrongdoing in hindsight. I'm glad my comment picked up some steam; we are too locked in chains behind rules nowadays, kids can't have a little fun anymore. He can be a valuable asset to any company than falling in the hands of real criminals behind bars