Skip to main content

Courtesy of Zero Hedge

It looks like McDonald's new-and-improved "hot" Hamburglar might have some competition.

The CBC reported on Tuesday that a mysterious 'hamburglar' has been victimizing users of a new digital payments app rolled out in Canada by McDonald's called 'My McDs'. Hackers have apparently found a way to infiltrate the app and wrack up large bills on unsuspecting users' credit cards.

The story was again brought to the media's attention after a tech writer got hit with a $2,000 bill for food he didn't order that was charged via the app. When he contacted McDonald's to complain about the fraudulent charges, the company told him to resolve the issue with his credit card company and refused to issue a refund – an experience that was apparently shared by dozens of others.

The fraudster pulled off the fast-food scam by infiltrating O'Rourke's McDonald's mobile app account, which was linked to his debit card.
The scammer then used the app to order more than 100 meals for pick-up between April 12 and 18. The smorgasbord included McFlurries, Big Macs, Chicken McNuggets and poutine.
"It could be one guy who was able to hack my account and he shared it with a bunch of his friends across Montreal, and they all just went on a food spree,"said O'Rourke, who's baffled by the crime.

Since McDonald's wouldn't issue immediate refunds, forcing impacted customers to wait weeks for their banks to resolve the issue, some complained that the charges, which typically amounted to hundreds of dollars, put them into a difficult financial position.

Lauren Taylor says she has no idea how someone in Montreal spent $483.65 using her McDonald's app.
The Halifax woman said she received dozens of order confirmations in her email inbox with the last four digits of her Visa debit card between Jan. 25-29.
"It's amazing to see how quick someone can just breach your privacy…rent is three days away and now I have to find the money,"Taylor said. "It's a good thing that I live with family. Otherwise I'd be out."

As customers congregated online to complain about the security breach, which they blamed on the flaws with the app, McDonald's issued a statement apparently blaming the app's users for their own misfortune.

McDonald's Canada told CBC News that it's only aware of "some isolated incidents" involving compromised app accounts. The company said it keeps personal information secure and that it's confident in the security of its app.
McDonald's didn't say how fraudsters have infiltrated customer accounts, but it recommended that customers practice due diligence by beefing up their passwords and keeping them secure.
"If guests notice any unauthorized purchases, we recommend they contact their bank and change their password immediately,"said spokesperson Adam Grachnik in an email.

So far, the dollar-value of food stolen has climbed into the thousands of dollars.

That's a lot of McDoubles.