A poorly configured server gave anyone access to the names, emails, home addresses and phone numbers of users, said Fallible.
McDonald reacted with, "Our site and application don't store any delicate monetary information of clients like Credit card subtle elements, wallet passwords or financial balance data".
McDonald's India said it had fixed the app and urged users to install the updated version.
McDonald's further wrote, "The website and app have always been safe to use, and we update security measure on a regular basis".
In an update to the report on hackernoon, Fallible has reported that McDonalds replied to them that the issue had been fixed; but they said, "he McDonald's fix is incomplete and the endpoint is still leaking data".
Update: McDonald's India commented on the issue with the following statement advising customers to update their app.
Simon Mignolet delivers Twitter verdict after Liverpool draw v Manchester City
Guardiola said City's enterprising display, so soon after their disappointment at Monaco, made it "one of (his) happiest days as a manager".
The report blames an unprotected publicly accessible API endpoint that can be coupled with a series of numbers that act as customer IDs that can be used to obtain access to all users' personal information.
A post on independent blog post hackernoon claimed that McDonald's India is leaking data of 2.2 million users.
McDonald's operations in India are split into two entities - McDonald's India (West & South) and McDonald's India (North & East), and the McDelivery app and website are owned and operated by the former entity.
Popular fast food restaurant chain McDonalds or McD as we say is under the radar for data leaks in India.
It claimed to have uncovered "more than 50" instances of data leaks at Indian firms. If such an option is not present, it would help to contact McDonald's India to take suggestions on the next course of action. "We have communicated this again to them and are waiting for their response".
India often suffers from poor data protection and privacy laws, meaning online sites, apps and services are often much more poorly protected than in the UK.