MyMacca's App Login Hacked

Elitebhy on 07/03/2022 - 16:24

Got an email on Saturday thanking me for my $66 order at McDonalds in Redcliffe QLD, only thing is I am in NSW.

I thought it was one of those spam/scam emails baiting me to change the password until I checked my Amex and the charge is real.

I then got a second email 5 minutes later for another $43.70 order in the same place.

I proceeded to delete my saved amex card and change the password.

Called Amex to dispute the charges, report it as a Cybercrime and made a complaint with McDonalds.

I can see that McDonalds have implemented two factor authentication is other coutries such as Malta and the UK but not in Australia. I read that this has happened to another user just two days ago.

Food & Grocery

Related Stores

McDonald's
McDonald's

Comments

  • Hybroid on 07/03/2022 - 16:26
    +6

    Check if you are listed on the database here: https://haveibeenpwned.com/

    • soundboy5010 on 07/03/2022 - 16:40
      +2

      This.

      Chances are your account was accessed via an old exposed password. Not really McDonald's fault, but agreed that 2FA would have prevented this from occurring.

  • AustriaBargain on 07/03/2022 - 16:28
    +1

    $100 worth of Macca's must really fill a hole.

    • Nugs on 07/03/2022 - 17:33
      +3

      240 nuggets
      .

      • original15 on 07/03/2022 - 18:35

        Challenge accepted

        • your name checks
  • Shoppingisfun on 07/03/2022 - 16:34
    +5

    Someone hacked my Boost Juice account a couple of weeks ago and stole my free Boost!!
    So mad :((

    • Kangal on 07/03/2022 - 22:39
      -1

      Username checks out

  • Hithere on 07/03/2022 - 16:43

    made a complaint with McDonalds

    They won't care.

    I had the same thing happen to me last year.

    I had two purchases from a McDonalds over 100 Km away from home made within a few minutes of each other.

    My bank refunded me no problems but when I contacted McDonalds just to let them know about it their attitude was "What do you want us to do about it?"

    • GG57 on 07/03/2022 - 16:47
      +2

      It probably depends on who/where you contacted McDonalds.
      A store is not going to be able to do anything. But the right person at McDonalds Australia (or whatever it is) should be able to do something.

    • bmerigan on 07/03/2022 - 22:49
      +2

      What do you want them to do about it though?

      • hasher22 on 07/03/2022 - 23:12
        +1

        free nuggets

  • Ryanek on 07/03/2022 - 17:06
    -1

    So yeah, I would suggest everyone delete the app asap.

    • dust on 07/03/2022 - 17:19
      +3

      Why? Maybe just don't reuse passwords?

      • Ryanek on 07/03/2022 - 17:53

        Lack of 2 factor auth

        • eug on 07/03/2022 - 20:25
          +4

          If you don't reuse passwords, how would they steal your unique maccas password to even reach the 2FA step?

    • MS Paint on 07/03/2022 - 18:13
      +3

      Just remove payment method

    • Hithere on 07/03/2022 - 18:14

      I uninstalled the app the same day.

      I rarely go to Maccas anyway and if I do it's only for a coffee so I haven't missed out on too much.

  • markathome on 07/03/2022 - 17:18
    +2

    Just deleted my payment information based on this post. I don't usually approve apps to keep it but obviously I did let it through for this one.

    • solidussnake on 07/03/2022 - 20:43
      +2

      Same ! thanks for the heads up OP 👍

  • DashCam AKA Rolts on 07/03/2022 - 18:12
    -8

    TIL: people buy Macca's :-( and use an app with saved CC or debit card. >:o

  • AndyC1 on 07/03/2022 - 20:46
    +2

    Seen posts before about this same thing, so nothing new.

  • Elitebhy on 10/03/2022 - 16:46

    Amex is trying to wiggle out of this one, disappointing.

    McDonalds is useless and profits from this.

    • eug on 10/03/2022 - 17:12

      Was your password used on another site?

  • prequel2thesequel on 10/03/2022 - 18:03

    What a joke, can’t believe amex won’t refund you….
    I’d take this to the ombudsman.

    Makes me weary of using their app

  • Euthyphro on 11/03/2022 - 16:15

    Did you use the same account information (username (email address) and password) from another website? If so, it means that account has been hacked.

  • mickmac on 15/03/2022 - 10:57

    This has just happened to me as we speak. 2 orders off the MyMacca’s app.

    • eug on 15/03/2022 - 12:11

      Was your password reused on another site?

      • mickmac on 15/03/2022 - 15:51

        As in the same password for something else? Yes, probably. Changed them all now though.

        • eug on 15/03/2022 - 16:11
          +2

          OK that's good to know. If it was a unique password then it would have been more worrying as that would point to something with the Maccas app or backend being compromised.

  • RichardZed on 22/06/2022 - 20:04

    Seems their app has a vulnerability , https://tij.me/blog/stealing-passwords-from-mcdonalds-users/

Login or Join to leave a comment
Login Join