That Canadian QSR’s Menu Displays Were Compromised, Taken Over, Using Phishing

April 17, 2025 by Dave Haynes

I’ve not seen anything formally from the operator or its suppliers about that system-wide hack last week of digital menu displays at a Canadian QSR chain, but Sixteen:Nine’s German language content partner invidis got some in-bound clarity about what happened.

About this time last week the order counter and drive-thru displays at Mary Brown’s Chicken locations – some 300 of them – cut over to a pro-Palestinian message.

Here’s what Florian Rotberg dug up and was told …

Using phishing, the hackers managed to gain unauthorized access to several of the company’s cloud-based IT systems, as well as to its two on-premise digital signage platforms.

The hackers manipulated the content on hundreds of screens and left the message “Free Palestine.” Just minutes after the attack, the first images and videos began to spread on social media.

This incident once again highlights the importance of regularly updating IT systems and implementing modern security features such as two-factor authentication (2FA). Security certifications such as SOC 2 Type 2 or, even better, ISO 27001—the international standard for security management—are therefore essential. IT security processes must always be up-to-date, regularly reviewed, and certified, both at the digital signage provider and at the customer.

As invidis learned, the network’s CMS systems themselves were not directly attacked. Instead, the attackers managed to take over a user account on the customer’s on-premises installation. This highlights how important it is for integrators and end users to secure CMS platforms to provide the best possible security – for example, by enabling multi-factor authentication (MFA), single sign-on (SSO), IP restrictions, and detailed approval processes for content, user roles, and access rights.

Digital signage has now become a critical business tool, whose success depends heavily on the visibility and relevance of the content displayed. Many networks are now so mission-critical that they require professional IT security. However, in the digital signage industry, which is primarily dominated by medium-sized companies, continuous cybersecurity management services are not yet widespread. In contrast, regular remote management of devices and networks is already standard practice in the IT industry.

My suspicions were confirmed about the software platform and solutions provider – two different companies – that are involved. I don’t want the PR whining and finger-pointing, and because it’s not clear who fell down on this, I’m leaving that out. A little Googling will get you there, if you are curious.
