At this point, it shouldn’t be surprising to hear that McDonald’s has its own app. After all, basically every single company and brand out there does, and if they don’t, it’s pretty much a bad business move nowadays. Downloading the McDonald’s app has plenty of benefits for you, especially if you go to the chain restaurant quite frequently. The app allows you to place mobile orders, which saves time because you don’t have to wait around in the store to get your food. You can also pay through the app, which is super convenient. There are also lots of weekly deals and coupons offered on the app to help you make the most of your experience. So, it’s safe to say that it’s one app that’s worth having!
Well, when someone isn’t messing with it, that is. See, the problem is that no matter how cool this McDonald’s app might be, it’s still part of technology — and anything like this can be hacked by people who live to make technology a little bit more difficult than it needs to be. That’s what’s happening right now, actually!
Someone has hacked the McDonald’s app, and it’s costing users thousands of dollars. Which, ouch.
The hacker is basically a real life Hamburglar. You know, the masked hamburger that McDonald’s has used as a mascot for years? It’s kind of coming back to haunt them.
Here’s the deal: Since January, there have been many reports about someone (or maybe more than one person) who hacks McDonald’s app accounts. Once they’re in your account, they get into a customer’s linked credit and/or debit card (because, remember you can pay using the app), and they spend hundreds or thousands of dollars by ordering meals.
Hamburglar kicking it up a notch these days.
— Michelle Blau (@MichelleEBlau) April 29, 2019
The latest person who has fallen victim to the Hamburglar, for lack of a better term, is Toronto tech writer Patrick O’Rourke.
In a spot on MobileSyrup, he wrote that he downloaded the app to order a coffee quickly one day, then found it didn’t seem to be working correctly.
Not long afterwards, he realized that over $2,000 worth of charges had been made to his app for menu items in Montreal, like McNuggets, Big Macs, and poutine.
Look, it's me. https://t.co/QF0X4gaCw7
— Patrick O'Rourke (@Patrick_ORourke) April 28, 2019
The hacker worked fast: There were over 100 transactions that were completed in just a few days. Each one was under $30 CAD and were made minutes apart from each other.
O’Rourke wrote, “For whatever reason, McDonald’s’ mobile app doesn’t have safeguards in place to prevent multiple successive transactions like this. It seems the fast food company assumes that ‘hey, this guy must really like Filet-O-Fish enough to order dozens of sandwiches in just a few hours.'”
He has a point!
O’Rourke did his research and found that he was far from the only person who has been a victim of fraud from the McDonald’s app. He discovered other users complaining about it on social media, and found articles that had previously discussed security issues with the app.
This just happened to me. Really jealous of the thief who bought five $20+ meals in the past 5 mins at the North York @McDonaldsCanada. You might want to bump this issue up your priority list @McDonalds https://t.co/Cw468Xxel0
— Clark Rabbior (@clarkrabbior) April 29, 2019
Still, despite that, the response O’Rourke received from McDonald’s was one that basically said, “Yeah, some people are using our app and becoming victims of fraud for thousands of dollars, but a lot of people are fine, so it’s cool!”
Well, not exactly that. Adam Grachnik, McDonald’s senior manager of external communications, said, “I can tell you that every day, thousands of Canadians order, collect and pay for McDonald’s food and beverages on their smartphone through the My McD’s app.”
He added, “While we are aware that some isolated incidents involving unauthorized purchases have occurred, we are confident in the security of the app. We do take appropriate measures to keep personal information secure. McDonald’s also does not collect or store credit card information as My McD’s app only holds a token with the payment provider to allow purchases (I trust given your expertise you understand what “token” means). Just like any other online activity, we recommend our guests be diligent online by not sharing their passwords with others, creating unique passwords and changing passwords frequently.”
That response is frustrating, because the company is basically saying that they aren’t taking responsibility for what’s happening with the hacker.
And sure, hacks happen, but O’Rourke is right: They should have some kind of security system in place that flags when a user orders multiple orders in just under a few minutes time. Especially if they have a history of these issues!
O’Rourke isn’t the only one who has been scammed. You can see on Twitter that other users have has this happen to them as well.
Sometimes the total isn’t too much. This person only lost about $40.
@McDonaldsCanada your app was hacked and someone had a $40 lunch on me. Not nice.
— Anna Chlebowska (@AnnaChlebo) April 30, 2019
Hamburglar strikes again, feasts on $2,000 in meals using customer's McDonald's app | CBC News https://t.co/xtfks1JTeN
Other users have complained that after it happened to them, McDonald’s was unresponsive and not helpful. They’re complaining about the customer service issues, which we can’t blame them for.
And it’s not just in Canada. This person reported it happening in the United States:
Other people have stopped using the app after experiencing this. We would too!
so someone hacked my @McDonalds app somehow and charged a load of food to my card. In Montreal. lmao getting my card off that app real quick.
— Koda (@KodaArktos) April 28, 2019
Fortunately, O’Rourke’s bank refunded him the money from the fraudulent charges. But McDonald’s itself doesn’t seem to be doing anything.
My bank has refunded the $2,033.58 in fraudulent McDonald's app transactions pulled from my chequing account 🙌. pic.twitter.com/O6sZZcAzrZ
— Patrick O'Rourke (@Patrick_ORourke) April 25, 2019
While you should always be careful about your password, McDonald’s needs to have a better security system in place. This many people should not become victims of fraud from their app.
Until they fix the app, your best way to avoid getting charged for food you didn’t order is to avoid using the app. Or download it and don’t link it to your credit or debit card. You’re better safe than sorry!