Connect with us

Hi, what are you looking for?

Social Media

I’m hatin’ it — McDonalds app users hacked by hamburglar

Lauren Taylor of Halifax, Nova Scotia told CBC Canada someone spent almost $500 of her money on fast food during a five-day period from January 25th to the 29th. It does leave you to wonder how anyone could down $100 a day worth of McDonald’s without getting a serious belly-ache.

Taylor didn’t check her emails for several days, but when she did, there were dozens of order confirmations in her email inbox with the last four digits of her Visa debit card between Jan. 25-29. Strangely enough, all the orders were made in Montreal. When she checked her bank account, she had $1.99 left.

McDonald s Canada s  Keep Calm  Caesar On  crispy chicken salad.

McDonald’s Canada’s “Keep Calm, Caesar On” crispy chicken salad.
McDonald’s Canada


Whoever it was, they ate all day every day for five days, consuming everything from large fries, Big Macs, poutine, junior chicken meals, Filet-O-Fish sandwiches, McDouble burgers, bacon and hashbrown, McWraps, Egg McMuffins, and hot cakes.

McDonald’s Canada responded, saying there was no security breach on the McD’s app. “We take appropriate measures to keep personal information secure, including on our app,” Ryma Boussoufa, a company spokesperson, wrote in an email.

“Just like any other online activity, we recommend that our guests use our app diligently by not sharing their passwords with others, creating unique passwords and changing passwords frequently.”

Sounds like an answer, all right – but Taylor doesn’t know anyone in Quebec and on top of that, she has never been to Quebec. “This is an app that’s supposed to be secure,” she said. “So why do I live in Nova Scotia and why is my card being used in Quebec? That’s crazy.”

A McCafe mug

A McCafe mug
Flickr user Heikolon (CC BY-ND 2.0)


Delete the McDonald’s app
This is what MobileSyrup’s Patrick O’Rourke is telling everyone after he was cleaned out to the tune of $2,000. And it was all because he wanted a cup of coffee.

O’Rourke wanted a cup of coffee while on his way to work one morning. Rather than wait in a long line at McDonald’s, he downloaded the McDonald’s mobile order app – added his debit MasterCard to the app – ordered his coffee, and to his surprise, found that while his debit card information was added correctly, his transaction had failed.

O’Rourke writes, “I joined the line at McDonald’s and waited for my turn at the cash. The cashier explained that she didn’t know why the order didn’t go through, but that the information related to my order was in McDonald’s’ systems.”

He tried ordering coffee the next morning and got the same bad results. This is when he decided the app wasn’t worth the hassel. “Little did I know how bad McDonald’s iOS and Android mobile app really is,” he said.

Untitled

McDonald’s Canada


About two weeks later, O’Rourke discovered nearly $2,000 had been drained from his bank account through transactions from various McDonald’s locations across Montreal. Most of the over 100 transactions were completed in a period of about two days, with none of them being over $20.

But just like Lauren Taylor and her hamburglar, O’Rourke’s hamburglar must love poutine because he or she upgraded the fries in the meal to poutine. O’Rourke says it is surprising that McDonald’s doesn’t have a safeguard in place that picks up on multiple, successive transactions.

Apparently, the company assumes that ‘hey, this guy must really like Filet-O-Fish enough to order hundreds of sandwiches in just a few hours,” says O’Rourke.

Adam Grachnik, McDonald’s senior manager of external communications in Canada, said in a statement: “I can tell you that every day, thousands of Canadians order, collect and pay for McDonald’s food and beverages on their smartphone through the My McD’s app. As you know, mobile ordering is quickly growing in popularity with all retailers, especially at McDonald’s.
While we are aware that some isolated incidents involving unauthorized purchases have occurred, we are confident in the security of the app. We do take appropriate measures to keep personal information secure. McDonald’s also does not collect or store credit card information as My McD’s app only holds a token with the payment provider to allow purchases (I trust given your expertise you understand what “token” means).
Just like any other online activity, we recommend our guests be diligent online by not sharing their passwords with others, creating unique passwords and changing passwords frequently.”

A McDonald s Happy Meal

A McDonald’s Happy Meal
Calgary Review (CC BY 2.0)


It has happened before and quite often
The bottom line to all this? These two incidents are not isolated cases. There have been many incidents reported to the police and McDonald’s dating back over several years. In January 2017, cybersecurity engineer Tijme Gommers announced he had found a vulnerability showing how to steal customer passwords from the McDonalds website.

And in the same year, McDonald’s India customers were asked to upgrade their apps after it was found a breach in the app had disclosed personal information on 2.2 million customers.

The fast-food company would like to blame the hacking on customers not using a strong enough password. The McDonalds app requires passwords to be eight to 12 characters long, with upper and lowercase characters and at least one number. The only thing safer than that is to delete the app.

Avatar photo
Written By

We are deeply saddened to announce the passing of our dear friend Karen Graham, who served as Editor-at-Large at Digital Journal. She was 78 years old. Karen's view of what is happening in our world was colored by her love of history and how the past influences events taking place today. Her belief in humankind's part in the care of the planet and our environment has led her to focus on the need for action in dealing with climate change. It was said by Geoffrey C. Ward, "Journalism is merely history's first draft." Everyone who writes about what is happening today is indeed, writing a small part of our history.

You may also like:

Social Media

Wanna buy some ignorance? You’re in luck.

Business

United Airlines CEO Scott Kirby said the carrier was reviewing recent incidents and would redouble safety initiatives as needed - Copyright AFP Logan CyrusUnited...

World

US President Joe Biden speaks during a reception honoring Women's History Month at the White House - Copyright AFP Brendan SMIALOWSKIDanny KEMPUS President Joe...

Business

A Milei marks 100 days in office, thousands protest his austerity measures - Copyright AFP Luis ROBAYOLeila MACORArgentina’s President Javier Milei has slashed public...