"Hamburglar" Hackers Are Still Scamming Free Food Through The McDonald's Canada App
Somebody get Officer Big Mac on the case!
Ordering food through an app seems like a really convenient way to get what you want. For fans of the Golden Arches, McDonald's Canada offered such an app, allowing hungry customers to place mobile orders for pickup. However, the McDonald's app has been hacked in Canada by so-called "Hamburglars" placing orders on other people's accounts.
There has already been a number of instances in which a person's account on the app, which includes added payment information from either a debit or credit card, was hacked by a third party who used the account to place food orders, sometimes in entirely different provinces.
Patrick O'Rourke, a writer at Mobile syrup, detailed his own experiences in being defrauded through the app. While O'Rourke lives in Toronto, someone had used the payment information on his account to place $2,000 worth of orders around Montreal.
Similarly, Patty Duke, an Ontario resident, had $100 worth of McDonald's meals charged to her account somewhere in Laval, Quebec.
"I thought it was an error at first because I couldn’t believe that I’d place four separate orders all to the same McDonald’s within minutes of each other," Duke told CTV News. "It didn’t make a whole lot of sense."
There have been other instances of people using the app and having their account hacked, with a number of the orders being placed somewhere in Quebec. Some customers shared their frustration on Twitter and received responses from McDonald's Canada.
"@McDonalds @McDonaldsCanada Woke up today to see a $25 charge on my app from Quebec. I'm in Winnipeg. I'm now the third person I know of that this has happened to," Twitter user @im_FFBF00 wrote.
"@McDonaldsCanada so not impressed with the security of your APP! Was just hacked and the hacker was able to make purchases of almost $100 and I can’t get into my account to delete my payment info or change my password! 😡😡😡😡😡😡😡" wrote @Shan_104.
McDonald's Canada replied to both tweets requesting more information from the customers.
In an email to Narcity, Ryma Boussoufa, a spokesperson for Mcdonald's Canada, wrote, "While we are aware that some isolated incidents involving unauthorized transactions have occurred, we remain confident in the security of our app."*
Boussoufa recommended customers use strong passwords for their accounts and that they refrain from sharing passwords as well.*
"If a guest has experienced an unauthorized transaction, they are prompted to notify their financial institution, who will investigate the charge," Boussoufa wrote in the same email to Narcity.* "In some cases, coupons may have been provided as a form of goodwill for the guests' inconvenience."
On Twitter, McDonald's Canada claimed that they could not provide refunds due to how their app works, writing, "The payment information on the app is not stored in our system. Our system holds a unique token with your payment provider, which allows purchases via the app. This token doesn't work both ways and we're unable to reverse charges. Only the payment provider can reverse a charge."
McDonald's has used the app in the past for promotional purposes, such as offering customers, and even offering them . They have also used the app to offer to their customers.
*This article has been updated.