- How ‘Stranger Things’ is inspiring new waves of Dungeons and Dragons fans 4 Months Ago
- Why you should be watching ‘Red vs Blue’ on Netflix 4 Months Ago
- How to live stream Sergey Kovalev vs. Anthony Yarde Today 5:00 AM
- How to stream Real Madrid vs. Real Valladolid Friday 10:44 PM
- How to stream Liverpool vs. Arsenal Friday 10:28 PM
- How to stream Manchester United vs. Crystal Palace Friday 10:05 PM
- How to stream Chelsea vs. Norwich City Friday 8:55 PM
- How to stream the 2019-20 Serie A season Friday 8:05 PM
- Tom Brady keeps supplying us with new meme material Friday 5:55 PM
- Emails reveal Facebook’s knowledge of Cambridge Analytica Friday 3:43 PM
- ‘Fast and Furious’ + ‘American Ninja Warrior’ = Netflix’s ‘Hyperdrive’ Friday 3:15 PM
- Trump jokes drop in Dow is because Seth Moulton dropped out of 2020 race Friday 3:13 PM
- What we learned when we visited Mr. B, America’s chonkiest cat Friday 1:46 PM
- Trump’s new plan to fight opioid overdose? This tweet Friday 1:06 PM
- Fitness influencer shamed for ‘sharing numbers’ in weight loss posts Friday 1:04 PM
A growing number of people who use the McDonald’s app are reporting having their accounts hacked and used to buy food.
O’Rourke says the incident began after he attempted to make a purchase on the McDonald’s app in Canada, known simply as “My McD’s,” but had his order declined. After forgetting about the app, which holds users’ credit card details, O’Rourke says he began to notice strange activity two weeks later.
The account suddenly began acquiring food “from various McDonald’s locations across Montreal, Quebec,” costing O’Rourke $2,000 CAD or $1,509 USD. Numerous purchases were made within minutes of one another, O’Rourke added, fueling speculation that his account details may have been shared with numerous people.
After contacting McDonald’s to dispute the more than 100 meals purchased, O’Rourke says he was told to take the issue up with his bank. And although he did eventually receive a refund, O’Rourke told CBC that McDonald’s reaction was subpar given the severity of the issue.
“To me, it just seems like a little bit negligent… like they don’t really care,” O’Rourke said. “McDonald’s should at least be sending out a mass email to everyone that has the account [to say], ‘Hey, you should reset your password.'”
McDonald’s Canada responded to the issue by telling CBC that it believed O’Rourke’s case was part of only a few “isolated incidents” involving app accounts being breached.
“If guests notice any unauthorized purchases, we recommend they contact their bank and change their password immediately,” spokesperson Adam Grachnik told CBC.
O’Rourke, however, was able to find numerous instances on Twitter of Canadian individuals who similarly had their accounts compromised.
When questioned about the security of its app, McDonald’s Canada defended its product.
“Similar to other apps, we are constantly improving the My McD’s App and updating it with enhancements to make the user experience as strong and safe as possible,” said Grachnik.
It remains unclear how exactly account credentials are being accessed. In a statement to Gizmodo, McDonald’s Canada added that users should be “diligent online by not sharing their passwords with others, creating unique passwords and changing passwords frequently.”
Despite the fast food giant’s assurances, O’Rourke argues that the company’s response is troublesome.
“I find it pretty shocking that a massive company like McDonald’s wouldn’t just take responsibility for something like this,” O’Rourke said. “They have more than enough money to be reimbursing people for these issues.”
Mikael Thalen is a tech and security reporter based in Seattle, covering social media, data breaches, hackers, and more.