The golden arches has reportedly been receiving reports of such incidents for several months. It's unclear if the fraudulent behavior is being carried out by just one individual or a team of hamburglars.
Patrick O'Rourke, the managing editor of MobileSyrup and one of many impacted by the hack, recently recounted his experience in a post on the site, noting that things started to go downhill the moment after he opted to download the McDonald's app so that he could pick up a cup of coffee.
"Rather than wait in a long line at Toronto's Union Station, I downloaded the McDonald's iPhone mobile order app while commuting to the MobileSyrup office on the Go Train. I added my debit Mastercard to the app, and ordered a coffee with two sugars and two milks," he explained. "To my surprise, even though my card information was added correctly, the transaction failed."
Shrugging off the matter, O'Rourke went old-school, getting in line so that he could place his order in person with a cashier. At that point, he inquired about the electronic order and was informed by the employee that details about his order were in the system.
"I walked away with coffee in hand thinking that McDonald's new app wasn't very good. I attempted the same purchase the following day and experienced identical results. At this point, I gave up and decided the company's mobile ordering app wasn't worth the hassle," he wrote.
In the days that followed, O'Rourke found himself with "nearly $2,000 CAD defrauded from [his] bank account, all from various McDonald's locations across Montreal, Quebec." In reviewing the orders, the journalist discovered that he had footed the bill for McChicken Value Meals, poutine and even Oreo McFlurries.
After filing out some bank forms, O'Rourke was luckily able to get a refund. However, this, as previously mentioned, wasn't the only incident.
Earlier this year, Canadian Patty Duke told CTV News that $100 worth of meals were charged to her account, all within minutes of each other. "I thought it was an error at first, because I couldn't believe that I'd place four separate orders all to the same McDonald's within minutes of each other… It didn't make a whole lot of sense," she said.
And then there's the case of Lauren Taylor, a resident of Nova Scotia who wound up with a $500 bill from McDonald's, courtesy of a hacker who ordered large fries, Big Macs, Filet-O-Fish sandwiches and hot cakes, among other food options.
"It's amazing to see how quick someone can just breach your privacy," she told CBC News. "This is an app that's supposed to be secure… So why do I live in Nova Scotia, and why is my card being used in Quebec? That's crazy."
Various other individuals have voiced their own experiences online.
— Kevin Getz (@Kevin_Getz) April 28, 2019
— Guillaume Dauphinais (@delphs) April 24, 2019
— Lorena Szakacs (@Lorzach) April 24, 2019
— CJ K (@cjkeats) April 24, 2019
— Peter Papadopoulos 🇬🇷 🇨🇦 (@pete_daheat) April 23, 2019
— Angelo Gio Mateo (@angelogiomateo) April 23, 2019
A common theme among reports suggests that Mickey D's customers have been faulted for not having strong passwords, even in cases in which lovers of the golden arches said they did.
Adam Grachnik, spokesperson for McDonald's Canada, told the Business Insider that the company is aware of the matter and that they are "confident in the security of the app."
"We do take appropriate measures to keep personal information secure," Grachnik said. "Similar to other apps, we are constantly improving the My McD's App and updating it with enhancements to make the user experience as strong and safe as possible."
While the jury appears to still be out on just how secure the app is, it might be best to put mobile orders on pause until all issues are resolved.