- McDonald’s app users are being targeted by hackers who order more than $US2,000 worth of meals and leave no trace.
- The “My McD’s” app in Canada can be used to pre-order food and drink for collection, and stores credit card information for payments.
- So far in 2019 there have been dozens of reports on Twitter, App Store reviews, and Reddit that the app is often the target of hackers.
- McDonald’s says it is “aware” of the reports but is “confident in the security of the app.”
- On some occasions, McDonald’s Canada has refused to refund fraudulent transactions and urged users to contact their banks for compensation.
- Visit Business Insider’s homepage for more stories.
Users of a McDonald’s app in Canada are having their accounts commandeered by hackers who are using the accounts to order food for themselves, racking up bills in excess of CAD $US2,000.
The scammers appear to quietly access the accounts and then make many regular-sized orders costing around $US20 a time. Victims say they didn’t notice the money leaving their accounts, sometimes for weeks.
Over several months, users of the My McD’s app say they have been scammed and charged for orders they didn’t make, and have posted screenshots of the receipts online.
It is not clear how hackers are accessing people’s accounts. McDonald’s has said it is confident in the security of the app.
Most recently, Patrick O’Rourke, a technology journalist, was charged for 100 separate meals, totalling $US2,000, at a branch in Montreal between April 12-18.
“McDonald’s should at least be sending out a mass email to everyone that has the account [to say], ‘Hey, you should reset your password’,” he told CBC.
On many occasions, including with O’Rourke, McDonald’s Canada has said it would not refund the transactions, and has urged app users to seek compensation from their bank instead.
The number of people who say their accounts have been breached is increasing by the day.
In February 2019, a hacker bought $US484 of McDonald’s products via the account of a woman named Lauren Taylor.
Taylor lives in Halifax, Nova Scotia, but the food was ordered from a restaurant in Quebec, more than 550 miles away. “It’s amazing to see how quick someone can just breach your privacy,” she told CBC,.
MyMcD’s app user Patty Duke from Ontario had $US100 worth of McDonald’s meals – mainly filets-o-fish – bought with her card through the app in February, she told CTV.
MyMcD’s app user Brett O’Donnell was the target of scammers on January 17. He only lost $US50, but told CBC that he missed the rogue transactions because receipt emails were landing in his spam inbox.
Ontario resident Brian Coleman told CBC he had $US267 worth of McDonald’s charged to his credit card from a branch miles away in Montreal.
“I expected them to do the refund because it was their fault,” he stressed. “It’s their application. If it’s not secure, they should take responsibility.”
Many others complained to McDonald’s online.
McDonald’s Canada spokesman Adam Grachnik told Business Insider:
“While we are aware that some isolated incidents involving unauthorised purchases have occurred, we are confident in the security of the app. We do take appropriate measures to keep personal information secure.”
“Similar to other apps, we are constantly improving the My McD’s App and updating it with enhancements to make the user experience as strong and safe as possible.”
Business Insider Emails & Alerts
Site highlights each day to your inbox.