- McDonald’s app users are being targeted by hackers who order more than $2,000 worth of meals and leave no trace.
- The “My McD’s” app in Canada can be used to pre-order food and drink for collection, and stores credit card information for payments.
- So far in 2019 there have been dozens of reports on Twitter, App Store reviews, and Reddit that the app is often the target of hackers.
- McDonald’s says it is “aware” of the reports but is “confident in the security of the app.”
- On some occasions, McDonald’s Canada has refused to refund fraudulent transactions and urged users to contact their banks for compensation.
- Visit Business Insider’s homepage for more stories.
Users of a McDonald’s app in Canada are having their accounts commandeered by hackers who are using the accounts to order food for themselves, racking up bills in excess of CAD $2,000.
The scammers appear to quietly access the accounts and then make many regular-sized orders costing around $20 a time. Victims say they didn’t notice the money leaving their accounts, sometimes for weeks.
Over several months, users of the My McD’s app say they’ve been scammed and charged for orders they didn’t make, and have posted screenshots of the receipts online.
It is not clear how hackers are accessing people’s accounts. McDonald’s has said it is confident in the security of the app.
Most recently, Patrick O’Rourke, a technology journalist, was charged for 100 separate meals, totalling $2,000, at a branch in Montreal between April 12-18.
“McDonald’s should at least be sending out a mass email to everyone that has the account [to say], ‘Hey, you should reset your password’,” he told CBC.
On many occasions, including with O’Rourke, McDonald’s Canada has said it would not refund the transactions, and has urged app users to seek compensation from their bank instead.
The number of people who say their accounts have been breached is increasing by the day.
In February 2019, a hacker bought $484 of McDonald’s products via the account of a woman named Lauren Taylor.
Taylor lives in Halifax, Nova Scotia, but the food was ordered from a restaurant in Quebec, more than 550 miles away. “It’s amazing to see how quick someone can just breach your privacy,” she told CBC,.
MyMcD’s app user Patty Duke from Ontario had $100 worth of McDonald’s meals – mainly filets-o-fish – bought with her card through the app in February, she told CTV.
MyMcD’s app user Brett O’Donnell was the target of scammers on January 17. He only lost $50, but told CBC that he missed the rogue transactions because receipt emails were landing in his spam inbox.
- McDonald’s Canada/Facebook
Ontario resident Brian Coleman told CBC he had $267 worth of McDonald’s charged to his credit card from a branch miles away in Montreal.
“I expected them to do the refund because it was their fault,” he stressed. “It’s their application. If it’s not secure, they should take responsibility.”
Many others complained to McDonald’s online.
@McDonalds my mobile app account was compromised and someone that wasn’t me ordered food off of my card. I changed my password — now how do I get my money back?
— Justin Amaker (@JustinAmaker) April 20, 2019
me too! I cancelled my card as soon as I got an email receipt for a meal i didn't order in a city thousands of miles away
— Jasna Todorović (@JasnaTod) April 23, 2019
@McDonalds Hi, my MyMcDs account got breached and I was wondering if I could just delete the account, as I don’t really use it anyway.
— Kyle Hatt (@KnightofNightz0) April 25, 2019
@McDonalds you need to fix your MyMcD's app. Every time I use this app, my credit card gets compromised by someone in Quebec. 4 times already in 2019! This is ridiculous.
— Ian (@i_g_miller) April 8, 2019
McDonald's Canada spokesman Adam Grachnik told Business Insider:
"While we are aware that some isolated incidents involving unauthorized purchases have occurred, we are confident in the security of the app. We do take appropriate measures to keep personal information secure."
"Similar to other apps, we are constantly improving the My McD's App and updating it with enhancements to make the user experience as strong and safe as possible."