Unknown Individuals Order $2,000 Worth of Food Through Stolen McDonald’s App Accounts

McDonald’s Canada has stated that they are confident in the security of their app and have advised users to set strong passwords. For several months, users of the My McD’s app in Canada have been complaining that someone is placing large fast food orders through their accounts.

According to Patrick O’Rourke, a journalist for a local publication and one of the victims, a criminal (or group of criminals) somehow gained access to his My McD’s app account, which was linked to his Mastercard. O’Rourke said he tried to use the app twice, but after failed transaction attempts, he simply stopped using it. However, over the next two weeks, someone used his account to place more than a hundred food orders totaling $2,139, with some orders just minutes apart.

“It could have been one person who hacked my account and then shared it with friends all over Montreal,” the journalist speculated.

In a comment to CBC News, representatives from McDonald’s Canada acknowledged that they are aware of “isolated incidents,” but remain fully confident in the security of their app. McDonald’s did not specify how the fraudsters managed to compromise the accounts, but recommended that users set strong passwords and not share them with others.

O’Rourke, however, disagrees with McDonald’s statement. Given the number of affected users, he believes the issue is likely not weak passwords, but a possible vulnerability in the app that allowed criminals to hack user accounts.

Previously, two Australians managed to get free hamburgers by exploiting a vulnerability in McDonald’s electronic ordering system.