If You Are Using the McDonald's App, You Need to Think About Hackers

Most users worry about the safety of their banking apps or other programs that contain sensitive information. Thus, it is no wonder it might come as a shock that an app, which is supposed to help users order their favorite food, could drain their accounts out of money. Unfortunately, it appears something like this could happen to McDonald’s app users in Canada. Most victims blame the program, while McDonald’s representatives blame their customers’ poor password habits. In this article, we will talk about the issue in more detail as well as present a couple of cases in which users lost from $500 to nearly $2000 due to fraudulent food orders. If you want to know more about hacked McDonald's app users and what you ought to do to protect yourself, we invite you to read the rest of this blog post.

Why McDonald’s app users should worry about hackers?

There are quite a lot of reports from McDonald's app users in Canada that say someone hacked into their accounts and ordered food in their expense. No one knows who the hungry hacker behind these attacks is or if there is more than one of them, so the media decided to name the culprit hamburglar.

Lauren Taylor, a woman from Nova Scotia claims someone ordered food for almost $500 using her account. It all happened in only five days, during which she did not check her email. Once she did, she found a bunch of order confirmations from the McDonald's app. Unfortunately, when she checked the account she used to pay for food, she found out there was only $1.99 left in it. What the victim could not understand was how no one found it strange that the orders were much bigger and more costly than usual. Not to mention that they were made from Quebec, a city the woman has never visited.

The most recent victim of hamburglar was a journalist named Patrick O’Rourke. The funny thing is that the man installed the McDonald's app only recently, and after two transaction failures, he decided to continue ordering his food without the app. However, after two weeks, he realized something was wrong as he was missing around $2000. Apparently, someone who hacked into his account spent it on Big Macs, McFlurries, Chicken McNuggets, and so on. McDonald’s did not take any responsibility. Same as other victims, O’Rourke was asked to seek a refund from his credit card company.

There are more reports from users who have lost money due to unauthorized purchases made from their McDonald’s app and who have not received any help from the company. For example, one woman tweeted that when she called McDonald’s Canada, she was explained that nothing could be done. A simple apology does not seem enough when you lose a substantial sum of money and get your account frozen because of suspicious activities going on.

How did McDonald’s respond to these incidents?

Gizmodo.com team talked with one of the most recent hamburglar victims and asked McDonald’s to comment on the incidents related to their app. The statement they received said: “While we are aware that some isolated incidents involving unauthorized purchases have occurred, we are confident in the security of the app.” Also, it advised McDonald’s app users to create unique passwords, change them often, and not to share them with anyone. Such comments show that the company takes no responsibility for the incidents and blame users themselves for being too careless.

A large and well-known company like McDonald's should at least consider a possibility that their app might have flaws and carry out an investigation. Especially when the organization has accidentally leaked user data in the past, and when there are quite a few McDonald's app users who were hacked already. For instance, in 2017, it was revealed that McDonald’s India app leaked personal information, such as email addresses, phone numbers, and home addresses of around 2.2 million users. The same year, the company found a vulnerability on their website that may have allowed hackers to steal customers’ passwords from the McDonald's site.

What can you do to protect yourself?

McDonald’s recommend creating unique and strong passwords and the app requires the passcode to consist from eight to twelve characters, with at least one number, and both lowercase and uppercase letters. Even if passwords were strong, it is quite possible that McDonald's app users were hacked because of some flaw in the program. In such a case, the only way to protect oneself from becoming a victim of the so-called hamburglar would be to get rid of the app. If you do not want to do so, specialists recommend removing all payment methods from the app, so that if anyone hacks it, they would not be able to order food at your expense.

Two-factor authentication feature could improve the situation, but for now, McDonald's app does not offer it, and it is unknown whether the company is planning on adding such a safety measure. For those who are determined to use McDonald's app despite the risks, we advise using a completely unique password that could be generated by a password manager like Cyclonis Password Manager. Also, it would be best to change it regularly and, of course, monitor your email (where you receive order confirmations) and banking account to check if there are no orders and money charges that you do not recognize.

As we often say, you cannot let your guard down even for a second, whether you are browsing the Internet, setting up a new account, or ordering a hamburger. Data breaches and account hacking happens every day, so you have to react to cybersecurity news fast. If our blog post helped you realize how dangerous it could be to use the McDonald's app in Canada, we recommend using our suggested tips if you do not want to become one of the hacked McDonald's app users. Hopefully, the company will address the matter seriously, and, soon enough, customers in Canada will be able to enjoy ordering food without any fear. Until then, we encourage you to learn more about hacking and safety precautions you ought to use here.