Hackers are Gaining Access to McDonald’s Users Credentials to Place Fraudulent Mobile Orders

Are you using the McDonald’s app to save money or to place mobile orders? We have and we love it; however, it isn’t as secure as you think it is. Yes, you heard me correctly. The McDonald’s app has security flaws and you should be monitoring your account closely.

In the last 6 months, my husband’s account associated with the McDonald’s app has been hacked twice. Yes, twice. Both times, the hackers charged over $25.00 worth of food using the credit card information that is stored within the app. The first time, my husband canceled his debit card thinking that the hacker had his card information. After he cancelled his card, he later discovered that they didn’t have the actual card and that his McDonald’s app was hacked.

On Friday night, we were sitting in bed watching television when a notification from the bank popped up with a charge to McDonald’s in California. Mind you, we live near Fort Worth, Texas. My husband logged into the bank app to confirm the charge and to get the merchants phone number.

He immediately called the store in California and asked if the food has been delivered to the “hacker” yet. Thankfully, we were able to stop the order from going out to the hacker this time. The first time, they got away with “free” food. My husband was informed to contact the McDonald’s fraud department and he was told that we had to dispute the charge with our bank.

Current Password Requirements for Creating an Account to Use To Access the McDonald’s App

McDonald’s app requires that your password be between 6 and 12 alphanumeric characters and must contain at least one lowercase letter, one uppercase letter, and one number. It doesn’t allow you to create secure passwords that aren’t easily cracked. Without the ability to use special characters or longer passwords, the password that you create when you sign up isn’t strong enough to keep potential hackers out.

What Makes a Password Strong?

To create a strong password, the app should give you the ability to make longer passwords using a mix of letters (upper and lower case), numbers, and symbols. You also don’t want to use any personal information of any form when you select a password. Also, skip using words that are easily guessed or are in the dictionary.

You can use a password generator to create a strong password if you need help or you come up with a sentence to help you remember your password. For example, use the sentence: Walmart takes @ll My $ after Payday 2. Your password would be [email protected]$aP2. Keep in mind the longer the password the better off you will be as long as you use a combination of upper and lower case letters, numbers, and symbols.

Use Facebook or a Google Account to Login to the McDonald’s Mobile Ordering App

McDonald’s app does give you the ability to use your Facebook API or Google api when you sign up for an account. I’ve always logged into my McDonald’s app using the Facebook API. Using the API, should help keep your account safer but even that can be hacked if you aren’t using strong passwords. So far, my account hasn’t been compromised yet. In order for someone to hack your McDonald’s app using Facebook or Google, they would have to be able to hack your account.

Do Monitor All Apps That Require Financial Information

With technology and unsecured apps, it gives cybercriminals and hacker’s access to more financial data. It is almost a dream come true for them while it is a major annoyance to us. Once you discover that your financial information was stolen, you have to spend several hours on the phone with your bank to report the fraudulant charges and requesting a new card or bank account number.

They are able to hack people’s username and passwords or even gain access to your credit/debit card or even your bank information. Once they have your financial information, they will attempt to make fraudulent charges costing businesses more than $445 billion dollars annually.

It is important that you monitor any app that has access to your financial information such as the McDonald’s mobile ordering app. Careful monitoring can help you catch fraudulent charges quickly. See if you bank allows you to sign up to receive push notifications every time there is activity on your account. If it wasn’t for the notification from the bank, my husband wouldn’t have likely caught the charge quickly or he might have missed it all together.

How to Avoid Fraudulent Charges Using the McDonald’s App

To protect yourself from potential fraudulent charges when using the McDonald’s app, we recommend that you follow these tips.

  • Don’t store your credit card number in the app.
  • Create your account and only use the coupons when you order in the drive thru or at the front counter.
  • Delete the app entirely.
  • If you want to use the mobile order, it appears that using the Facebook API seems safer (knock on wood). But it is important that you continue to monitor your account.

Don’t be a victim and let hackers have access to your McDonald’s mobile ordering and pay app. As I mentioned earlier, my husband’s account has been hacked twice and both times the hacker purchased over $25 worth of food. According to the store manager, my husband’s account isn’t the only one that has been hacked by cyber-criminals. McDonald’s should be taking preventative measures to help keep your account information from falling into the wrong hands. Fraudulent charges will eventually cost consumers more money when businesses are forced to raise their prices in order to offset the real cost of dealing with cyber-criminals.

Are you currently using the McDonald’s app? Have you become a victim of fraudulent charges?


Christy has been married to her husband for 10 years and has three children. She has over 22 years of parenting experience, including parenting as a young mom and a single parent. When she isn't writing, you can find her coloring, playing Candy Crush, and listening to Taylor Swift.

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *