I found out someone has made an order on my account through my email totalling around $50.
I've changed my password and contacted the mcdonalds support (leave feedback). Is there anything else I should do? I'm a little worried as i'm not too sure how someone got in my account.
9 breaches…guess i'll be busy changing passwords in multiple sites..
wait i'm still hungry lol
i hope you get diabetes with all the quarter pounders and frappes you ordered!
how does this site work, i have 8. have i just be pawnd for using haveibeenpawnd or is it real? how can it scan every single site in a 1/20th of a second and know which ones somone else signed on and not me?
It's the number of sites that leaked emails and passwords that includes your email. The leaks are usually taken down quickly but until then loads of people had access to it, and they may use that email/password combination on other sites, so if you repeat your password a lot you could be hacked in many places.
If you've ever connected to any shared wifi then change all your passwords. It's crazy the amount of people who think it's safe to connect to a business that is supplying free wifi for customers.
a huge wake up call for me. Thanks!
What if you use it purely for googling or apps? Ie. Not logging into or signing up to anything except opening insta/fb app etc
The only safe way is to use a VPN.
Most websites these days use https for everything. Pretty much everyone (except for maybe the dodgiest of dodgiest sites) uses https for login pages… it's very unlikely you will lose your passwords through public wifi. Don't let the VPN sales people tell you otherwise.
EDIT: Let me clarify what this means. https means that everything is encrypted from your browser to the website you are talking to when you provide your password. No-one in between (not even the WiFi provider or ISP) can view the communications and what's in it, therefore your password is safe.
And when the criminals redirect you to a phishing site that looks real with a real certificate as happens all the time?
People also spoof a public wifi, so you think you're joining the business wifi but you're actually connecting to theirs with a similar or same name. SSL sniffing is more common than people think also.
I agree don't listen to the VPN sales people. Just protect yourself by ensuring you have enough mobile data that you don't need to connect to any public wifi
I won't downvote. On the contrary I'm upvoting because you're right… this is a real risk. It happens when you visit a page that is http only and the WiFi provider intercepts and delivers you a fake page, redirecting you elsewhere. This (and other reasons) is why any website that you login to should use https all the time, not just for a login page.
Users can mitigate this by checking they are on the legitimate website before logging in (password managers can do this for you - another reason to use password managers) and you can also use it by using a browse plugin like 'https everywhere' that will force you to use https for every page (where supported) regardless of whether or not the website requires it.
Man in the middle attacks can happen too if you're not vigilant.
Do people still bother with free wifi and it's usually crap speed, with all the data available on phone plans now?
It's useful if you're travelling over seas.
Was it the hamburglar?
Have you contacted your card provider to initiate the relevant chargebacks?
No I didn't think they would in this situation. I thought only Mcdonalds would be able to do that?
The card was used fraudulently, long story short.
The holder of the card should be the person/party that lodges a chargeback.
If these purchases were on your card without your authorisation, it is on you to get your money back. As far as the business is concerned, they have been paid for goods that they have subsequently supplied.
^^^ this, you need to inform your credit card company/bank ASAP.
contacted the bank, nothing they can do cause it was from an app.
however mcdonalds will give me a full refund. :)
@John Kimble: I’m only the messenger boy but their exact words was
“Because the card information was stored inside the application we won’t be able to assist you with a refund. You will need to contact McDonald’s”
@halfaznpersuasion: Strange answer. It’s an unauthorised transaction. Shouldn’t matter how if happened, unless you were negligent.
Most Maccas have CCTV at the counter these days? Contact the store ASAP?
Haha
You’re making this seem like a murder case or something.
Relax, no one’s going to pull out the tapes because Jack Piper from the state school down the road managed to hack into someone MyMaccas account and bought $50 worth of inedible substances through it.
You might be surprised. I'm aware of at least one situation at a local Maccas where a person bought goods using a stolen card to the value of < $20 and the coppers did get them to pull up the video to identify the kid. Successfully caught the little prick at KFC the next day, too. Apparently all the local fast food joints share "intelligence".
The perp will be facing the food court in the New Year. Will probably get their just desserts.
Were you passwords easy to remember or default? like "PASSWORD"?
Probably time to use a passwords management tool.
heh i guess it was easy to guess…wasn't password but i'm going to use a password management tool now :)
At which store was the order placed?
Did you go and collect?
the person did. order is in the same state
contacted the mcdonalds support (leave feedback). Is there anything else I should do?
Contact McDonald's Australia via phone, to get an immediate response and to ensure you speak to the right department etc. I'm not sure where your 'feedback' from goes, probably just to the store.
If maccas refuses to sort it out to your satisfaction, go to your bank and do card chargeback for the refund.
Just had this happen to me, 3 orders within a few mins and money taken out of a card attached to the app
You probably used the same password in multiple places. Check haveibeenpwnd.com