McDonald's app customers are getting their accounts hijacked by hackers who spent as much as $2,000 on enormous orders of Big Macs and nuggets
- McDonald's app users are being targeted by hackers who order more than $2,000 worth of meals and leave no trace.
- The "My McD's" app in Canada can be used to pre-order food and drink for collection, and stores credit card information for payments.
- So far in 2019 there have been dozens of reports on Twitter, App Store reviews, and Reddit that the app is often the target of hackers.
- McDonald's says it is "aware" of the reports but is "confident in the security of the app."
- On some occasions, McDonald's Canada has refused to refund fraudulent transactions and urged users to contact their banks for compensation.
- Visit Business Insider's homepage for more stories.
Users of a McDonald's app in Canada are having their accounts commandeered by hackers who are using the accounts to order food for themselves, racking up bills in excess of CAD $2,000.
The scammers appear to quietly access the accounts and then make many regular-sized orders costing around $20 a time. Victims say they didn't notice the money leaving their accounts, sometimes for weeks.
Over several months, users of the My McD's app say they've been scammed and charged for orders they didn't make, and have posted screenshots of the receipts online.
It is not clear how hackers are accessing people's accounts. McDonald's has said it is confident in the security of the app.
Most recently, Patrick O'Rourke, a technology journalist, was charged for 100 separate meals, totalling $2,000, at a branch in Montreal between April 12-18.
"McDonald's should at least be sending out a mass email to everyone that has the account [to say], 'Hey, you should reset your password'," he told CBC.
On many occasions, including with O'Rourke, McDonald's Canada has said it would not refund the transactions, and has urged app users to seek compensation from their bank instead.
The number of people who say their accounts have been breached is increasing by the day.
AP Photo/Ng Han Guan
In February 2019, a hacker bought $484 of McDonald's products via the account of a woman named Lauren Taylor.
Taylor lives in Halifax, Nova Scotia, but the food was ordered from a restaurant in Quebec, more than 550 miles away. "It's amazing to see how quick someone can just breach your privacy," she told CBC,.
Read more: Leaked documents show that McDonald's is adding international hits to its American menu, including the Spanish Grand McExtreme Bacon Burger and the Dutch Stroopwafel McFlurry
MyMcD's app user Patty Duke from Ontario had $100 worth of McDonald's meals - mainly filets-o-fish - bought with her card through the app in February, she told CTV.
MyMcD's app user Brett O'Donnell was the target of scammers on January 17. He only lost $50, but told CBC that ihe missed the rogue transactions because receipt emails were landing in his spam inbox.
Ontario resident Brian Coleman told CBC he had $267 worth of McDonald's charged to his credit card from a branch miles away in Montreal.
"I expected them to do the refund because it was their fault," he stressed. "It's their application. If it's not secure, they should take responsibility."
Read more: McDonald's lost a 'David versus Goliath' trademark battle over Big Macs to a small Irish rival called Supermac's
Many others complained to McDonald's online.
McDonald's Canada spokesman Adam Grachnik told CBC:
"While we are aware that some isolated incidents involving unauthorized purchases have occurred, we are confident in the security of the app. We do take appropriate measures to keep personal information secure."
"Similar to other apps, we are constantly improving the My McD's App and updating it with enhancements to make the user experience as strong and safe as possible."
Business Insider contacted McDonald's Canada for comment but is yet to receive a response.
@McDonalds my mobile app account was compromised and someone that wasn't me ordered food off of my card. I changed my password - now how do I get my money back?- Justin Amaker (@JustinAmaker) April 20, 2019
me too! I cancelled my card as soon as I got an email receipt for a meal i didn't order in a city thousands of miles away- Jasna Todorović (@JasnaTod) April 23, 2019
@McDonalds Hi, my MyMcDs account got breached and I was wondering if I could just delete the account, as I don't really use it anyway.- Kyle Hatt (@KnightofNightz0) April 25, 2019
@McDonalds you need to fix your MyMcD's app. Every time I use this app, my credit card gets compromised by someone in Quebec. 4 times already in 2019! This is ridiculous.- Ian (@i_g_miller) April 8, 2019
- Five planets will stage a rare spectacular event in the night sky on March 28
- Sam Altman, who was already wealthy before starting OpenAI, reportedly doesn't own any equity in the company behind ChatGPT
- A 'hole' 30 times Earth's size has spread across the sun, blasting solar winds that'll hit our planet by end of this week
- Crompton Greaves Consumer Electricals and kitchen appliance maker Butterfly announce merger
- ICMR comes up with first ethical guidelines for application of AI in biomedical research, healthcare
- Measures taken by IIFCL to keep bad loans under check: Parliamentary panel
- Microsoft adds 'AI-generated stories' to its Bing search
- Housing sales up 14% annually in Jan-Mar to 1.13 lakh units across top 7 cities: Anarock