Privacy Attack by Jordanian Fast Food Delivery Call Centres

February 19, 2014

By Hala Dasouqi; image by Sierra West

1. Choose any fast food restaurant that you had previously ordered from. Examples: McDonalds, KFC, Popeyes, Pizza Hut, Little Caesar, etc.

2. Call the delivery number of the restaurant you chose; use a number from which you haven’t previously called them.

3. The operator will ask you if you have ordered from another number before, answer yes. S/he will ask you to give him/her the number you usually order from. Go ahead and give him the number associated with your account.

4. That’s when you should start listening to the call center operator reading your home address (neighborhood name, street address, and sometimes s/he will tell you on which side of the elevator your apartment is located.)

5. Now imagine if a stranger wanted to know your home address, all s/he has to do is know your mobile number, next s/he will simply call any Fast Food Delivery number that you might have ordered from to get your home address. Painless and free, ha?

Alright, so go ahead now and try it.

Great, now you know what I mean and it does feel uncomfortable. That said, we need to do something about it.

I called Burger King today on +962658055555 and made this issue point to the operator, he listened and asked questions about my argument. Then he told me that this is a great idea and he will let the management know right away. Then, he suggested that in the future he will ask for the customer’s street name as verification before proceeding with the order details.

What do you suggest? What information do you think they should ask for?

In order to stop operators from unintentionally giving away their customers’ private information in Jordan, we need to constructively raise the awareness of the next operator we will call to place a food order.

Ask him/her not to voluntarily share your private information, and to find a way to validate your identity other than your mobile number.

Remember, your mobile number is most probably on True Caller (mobile application), or on your resume or LinkedIn profile.