Story image

When hackers get the munchies, they just steal McDonalds

12 Feb 2019

What happens when hackers get the munchies? Apparently in Canada, they decide to put their ‘hamburglar’ gloves on and go after unwitting people who happen to use the McDonalds app.

According to security firm Sophos, thieves hijacked at least two people’s accounts and went on a fast food spending spree.

The thieves not only got into one user’s accounts and ran up $500 worth of fast food, but they were also located on the other side of the country.

Purchases including fries, chicken meals, Egg McMuffins, hot cakes, Big Macs and many more food items.

While the victim got a receipt every time the thieves purchased a meal, that same victim didn’t check their email often enough. They only discovered the theft after they looked at their bank balance and found they had only $1.99 left. Oops.

How did this happen? According to a statement by McDonalds Canada to CBC, there was a security problem with the McDonalds app.

Generally people can order food through the app and check in when they reach the store. They then reconfirm their order by providing a four-digit code that the app generates.

McDonalds says people shouldn’t share their passwords with others, and they should make sure they create unique passwords that are changed often.

The app will only allow passwords that are between 8-12 characters long, and with a combination of uppercase letters, lowercase letters, and at least one number.

While in this case the victim says she followed strong password security practices, it clearly wasn’t enough.

Sophos notes that one cybersecurity researcher found a flaw that allowed hackers to steal customer passwords from the McDonalds website in 2017.

Sophos also explains that it’s not the first security issue McDonalds has encountered. Also in 2017, McDonalds India encouraged all of its McDelivery app users to change their passwords. Why? Because its app leaked personal details belonging to more than 2.2 million users.

Samsung & Trade Me offer AI-powered shopping
The smartphone camera & AI-powered tech, Trade Me says, is a ‘glimpse into the future of shopping’.
Neill Blomkamp's 'Conviction' is a prequel to BioWare's Anthem
You may remember Neill Blomkamp’s name from such films as District 9, Chappie, and Elysium. If you’ve seen any of those films, the short teaser trailer will seem somewhat familiar to you.
Security flaw in Xiaomi electric scooters could have deadly consequences
An attacker could target a rider, and then cause the scooter to suddenly brake or accelerate.
617 million stolen records up for sale on dark web
It may not be the first time the databases have been offered for sale.
IBM’s Project Debater unable to out-debate human
At this incredible display of technology, the result was remarkably close but the human managed to pip the machine in this instance.
LPL to broadcast weekly programming on Sky Sports
Let’s Play Live (LPL) has now announced it will broadcast weekly programming for the rest of 2019 on the Sky Sports channel from Sky TV. 
When hackers get the munchies, they just steal McDonalds
What happens when hackers get the munchies? Apparently in Canada, they decide to put their ‘hamburglar’ gloves on and go after unwitting people who happen to use the McDonalds app.
The smart home tech that will be huge in 2019
For millennial home buyers, a generation for whom technology has been ever-present, smart systems are the features they value above everything else.