- People are roasting this ‘traditional’ take on marriage with a hilarious meme Saturday 5:17 PM
- The internet just collectively realized that the Neopets of the world must be hungry Saturday 4:00 PM
- Alt-right message board 8chan was served a search warrant Saturday 3:06 PM
- O.J. Simpson just joined Twitter in the most bizarre fashion Saturday 1:20 PM
- Prominent phone-hacking firm says it can unlock any iPhone for law enforcement Saturday 12:39 PM
- Hundreds of police officers belong to extremist Facebook groups, investigation finds Saturday 9:31 AM
- How to watch Tyson Fury vs. Tom Schwarz online Saturday 8:00 AM
- ‘Late Night’ is a disappointing, tepid comedy Saturday 7:00 AM
- How to stream ‘Love It or List It’ for free Saturday 7:00 AM
- How to watch the 2019 Concacaf Gold Cup online for free Saturday 6:55 AM
- Borderlands 3 preview suggests the aging series can still hang with the cool kids Saturday 6:30 AM
- How to stream the 2019 College World Series for free Saturday 6:00 AM
- Police try to solve domestic violence by giving victims blunt kitchen knives Friday 5:40 PM
- Privacy activist Ola Bini detained for 2 months in Ecuador without charges Friday 5:01 PM
- Twitter says suspending ‘God’ for a pro-LGBTQ tweet was an ‘error’ Friday 4:14 PM
A growing number of people who use the McDonald’s app are reporting having their accounts hacked and used to buy food.
O’Rourke says the incident began after he attempted to make a purchase on the McDonald’s app in Canada, known simply as “My McD’s,” but had his order declined. After forgetting about the app, which holds users’ credit card details, O’Rourke says he began to notice strange activity two weeks later.
The account suddenly began acquiring food “from various McDonald’s locations across Montreal, Quebec,” costing O’Rourke $2,000 CAD or $1,509 USD. Numerous purchases were made within minutes of one another, O’Rourke added, fueling speculation that his account details may have been shared with numerous people.
After contacting McDonald’s to dispute the more than 100 meals purchased, O’Rourke says he was told to take the issue up with his bank. And although he did eventually receive a refund, O’Rourke told CBC that McDonald’s reaction was subpar given the severity of the issue.
“To me, it just seems like a little bit negligent… like they don’t really care,” O’Rourke said. “McDonald’s should at least be sending out a mass email to everyone that has the account [to say], ‘Hey, you should reset your password.'”
McDonald’s Canada responded to the issue by telling CBC that it believed O’Rourke’s case was part of only a few “isolated incidents” involving app accounts being breached.
“If guests notice any unauthorized purchases, we recommend they contact their bank and change their password immediately,” spokesperson Adam Grachnik told CBC.
O’Rourke, however, was able to find numerous instances on Twitter of Canadian individuals who similarly had their accounts compromised.
When questioned about the security of its app, McDonald’s Canada defended its product.
“Similar to other apps, we are constantly improving the My McD’s App and updating it with enhancements to make the user experience as strong and safe as possible,” said Grachnik.
It remains unclear how exactly account credentials are being accessed. In a statement to Gizmodo, McDonald’s Canada added that users should be “diligent online by not sharing their passwords with others, creating unique passwords and changing passwords frequently.”
Despite the fast food giant’s assurances, O’Rourke argues that the company’s response is troublesome.
“I find it pretty shocking that a massive company like McDonald’s wouldn’t just take responsibility for something like this,” O’Rourke said. “They have more than enough money to be reimbursing people for these issues.”
Mikael Thalen is a tech and security reporter based in Seattle, covering social media, data breaches, hackers, and more.