Toronto Man Scammed Over $2,000 by McDonald’s Mobile App

[hatshepsut93]

Payment processing systems recently rolled out by mcdonald's and others have utilized vulnerable systems and questionable security practices. This could open the door to bitcoin and crypto currency based payment systems which could prove themselves to be more security oriented and reliable over the long term.

In centralized payment systems part of the burden of security always lies on the central entity - if they get hacked, the users will suffer, while in decentralized system like Bitcoin the whole burden lies on users - the system as secure as the people who manage private keys. So at the first glance it looks like decentralized system is more secure, but the centralized system can often roll back transaction, block accounts, track money and take other measures - this can be used for bad things, like being overly suspicious and creating obstacles for innocent users, but it can also be used to recover stolen funds or prevent thefts when users make mistakes.

I don't think that we as crypto users are in right position to point fingers at centralized payment systems when it comes to security, when our own security remains very hard - almost every day someone comes to this forum or other platform and wonders why their coins are suddenly gone, only to realize that they've been robbed because they've installed a fake wallet or got malware, and there's 0% chance they'll recover their money.

[1714847887]

1714847887

[1714847887]

1714847887

[1714847887]

1714847887

[stompix]

It is possible mcdonald's app thieves hang out in a nearby parking lot with a laptop running a WIFI packet sniffer recording all mobile app transactions. The data would be encrypted but depending upon the strength of the encryption utilized it can be vulnerable to attack. Similar methods have been utilized to rip RFID financial data from credit cards and chips with RFID enabled.

Or it all could be far far less complex...
https://gizmodo.com/hungry-hackers-use-mcdonalds-app-to-steal-1-500-in-fas-1834381636

Last week, Canadian journalist Patrick O’Rourke, managing editor of Mobile Syrup, became the latest known victim of this scam and published an account of his experience. Somehow a hacker gained access to his My McD’s account, which was attached to his Mastercard.

As O’Rourke points out in his piece, this statement from McDonald’s suggests that a major cause for the breaches is weak passwords. But since O’Rourke found dozens of tweets about similar My McD breaches, he is suspicious about the company blaming users’ password practices.

Check the bolded part, he didn't deny the weak password thing, he simply accused a flaw with the system.
I'm betting two satoshi his password was hamburger!!!

Also:

His bank refunded the money,

Besides, the thief could be easily identified, they have the purchase time, they have cameras..really it is worth for a few free hamburgers

Also, how the hell does someone spend 2 thousand dollars on mcdonalds? Like it is one of the cheapest food places in the whole world, even in countries where food could be more expensive (or cheaper doesn't matter) mcdonalds usually rank at the top of the list for cheap food places.

So, when you spend 2000 dollars on mcdonalds in Canada Toronto that is like probably over 100 burgers, which means either the person didn't actually buy the burgers but there was an inside job where cashiers help him get cash and pay with app and they made some money too, or dude didn't realize he was being robbed for weeks even months before he realized it.

Most likely the gizmodo assumption is correct, they've shared his login details on some website and people just helped themselves


Also, loooooool

@McDonaldsCanada so now that you've stopped replying to my emails I'm back to Twitter since you have yet to resolve my fraud issue with your stupid app. Glad to know that I'm not crazy now that other people are going though the same bullshit!

[Gibreil]

Now, it appears more reports are coming in, with the latest seeing one Toronto man losing $2,000 via the McDonald’s mobile app, by yet another ‘Hamburglar’

This is just another example why many of us feel like nothing can be safe in our interconnected and online world as there will always be weaknesses, vulnerabilities, bugs, back door exploits and similar problems that can affect any system. At the end of the day, the consumers are the ones bearing the burden as these big corporations can take time to solve similar incidents. I am looking forward for the time when the blockchain technology can be utilized to safeguard and secure these payment facilities so that we can enhance the trust and confidence of them...this news is not serving well for the mainstream adoption of bitcoin and the likes as third party infrastructures can be exploited by genius hackers and scammers.

You are right man! this is the disadvantage of online payment. You can easily steal buy scammers and hackers without knowing that your money gone. It is unsafe for us because many people can hide their anonymity and personal identity. In that case, we do not know if we send the right person or not. In addition, they can imitate the other backgrounds or information about the merchandise that we will purchase our stuff. I wish this incident will not happen again.

[guoyu78]

They should be blamed for not working on their app security. And I think some people are really making huge mistake, once I notice things like this happening, I would just give up on it and delete their app before I become their next victim. What if they are the ones doing it?? Maybe there's an error in their app and it keeps debiting users and charging them for orders they never made? You never know. They really should take security serious and stop causing people unnecessary problems unless they are ready to pays back everything that was lost.

[samcrypto]

They should be blamed for not working on their app security. And I think some people are really making huge mistake, once I notice things like this happening, I would just give up on it and delete their app before I become their next victim. What if they are the ones doing it?? Maybe there's an error in their app and it keeps debiting users and charging them for orders they never made? You never know. They really should take security serious and stop causing people unnecessary problems unless they are ready to pays back everything that was lost.

That's the problem with the mobile app because it can easily be hacked sad thing is that, if they can't handle higher security then they might stop using cryptocurrency as mode of payment. Mobile apps of any business should be more secured especially with the banks or even fast food chain, I'd rather pay in cash than to use any application which I can't trust the provider of that Apps. This should become a lesson for everyone, you have to limit the amount of transactions on any Mobile apps and never to connect your credit card or any financial system.

[davis196]

I'm sure that the victim of the scam could easily file a chargeback and get his money back.
There are many cases of credit/debit card scam/fraud but unlike crypto frauds the people that were scammed can get their money back.We can't judge that MacDonalds will start implementing blockchain technologies and crypto payments just because of one scam.

[fullhdpixel]

They should be blamed for not working on their app security. And I think some people are really making huge mistake, once I notice things like this happening, I would just give up on it and delete their app before I become their next victim. What if they are the ones doing it?? Maybe there's an error in their app and it keeps debiting users and charging them for orders they never made? You never know. They really should take security serious and stop causing people unnecessary problems unless they are ready to pays back everything that was lost.

If you are to blame them, then you should blame the application developer who gave chance to it. It is actually not so easy though when it comes to application coding, it really requires experts to handle it and even these hackers too are experts whom most of them are usually in the same field with these security experts too,

They all know their coding secret which could be cracked at any time. The only way to avoid this hacking is either the hacker doesn’t have interest in hacking the company or they get guru, I mean guru to handle their project provided they can pay for the guru services.

[kryptqnick]

Payment processing systems recently rolled out by mcdonald's and others have utilized vulnerable systems and questionable security practices. This could open the door to bitcoin and crypto currency based payment systems which could prove themselves to be more security oriented and reliable over the long term.

Countries like sweden which are lean heavily towards cashless societies and RFID implanted chips to execute financial transactions could be vulnerable to the type of attacks exploited in mcdonald's payment app. That's another news story relating to potential vulnerabilities which could use more coverage than its receiving atm.

The discussion you are relating to also shows some struggles with adoption. The Forbes article on acceptance of Bitcoin says that while some big companies accept such payments, they do not admit it. This might suggest that they feel ashamed for doing it as if Bitcoin was a bad thing. Turning to the McDonald's case, I am disappointed that such a huge company is trying to point fingers in other directions instead of compensating the users of their application and investigating the reason behind the attacks. Certainly, hijacking access to a Bitcoin wallet would be harder and this could be a benefit for customers.

[rizkyhiw]

It is regrettable in the incident and we cannot blame it, of course it is true that the application development team must be responsible for the unexpected theft that happened lately, but hopefully this will be a very fast solution and fast handling too and if it will continue, there must be a second layer of security or improve the existing system, not a big problem because accidents are very difficult to predict.

[Kakmakr]

The thief will most probably die of serious medical conditions after he ate all those hamburgers. The 2004 documentary Super Size Me followed documentary filmmaker Morgan Spurlock as he ate three meals a day at the fast-food chain for 30 days. He gained almost 25 pounds and was told he suffered from irreversible heart damage. Source : https://www.cosmopolitan.com/food-cocktails/a9231619/mcdonalds-for-five-days-straight/

It just shows you that every payment method has exploitable vulnerabilities and that centralized payment methods have the same problems, because human interaction is part of the problem. 

[eddie13]

LOL, HAMBURGLAR! That is freaking funny I don't know where these people get these nicknames from but that is awesome .

Waaaaattt??

[uneng]

I think to adopt blockchain or not in this case is just a small detail. The fact is that Mcdonalds will have to compensate the amount scammed to the victims, doesn't matter if it happend due to the weak passwords or due a total system flaw. The customers won't have any losses.
It's a centralized system, but it works anyway: Mcdonalds will have to improve their app, then they might consider blockchain and bitcoin adoption as a possibility, otherwise they will continue having a fail system which will cause several losses and bad news for their business.

[TheCoinGrabber]

Is there anything the man could have done to protect himself when he linked his debit card to the McDonald's app? Like, could he have used a different debit card with a lower cap?

Also with having a crypto-based payment system instead of what Ronald have now, how is that going to be more secure? Someone for example can still just use the login details and pay with the victim's crypto.

The thief will most probably die of serious medical conditions after he ate all those hamburgers. The 2004 documentary Super Size Me followed documentary filmmaker Morgan Spurlock as he ate three meals a day at the fast-food chain for 30 days. He gained almost 25 pounds and was told he suffered from irreversible heart damage. Source : https://www.cosmopolitan.com/food-cocktails/a9231619/mcdonalds-for-five-days-straight/

It just shows you that every payment method has exploitable vulnerabilities and that centralized payment methods have the same problems, because human interaction is part of the problem.  

Serves those thieves right. Hope their arteries are blocked now.

LOL, HAMBURGLAR! That is freaking funny I don't know where these people get these nicknames from but that is awesome .

Waaaaattt??

This little guy is the first thing that came to my mind when I saw the title.

[ecnalubma]

Well there are a lot cases will likely to happen specially not all people are aware of the modus operandi of criminals on the internet. As day by day our technology keeps on advancing we need to self educate ourselves and stay vigilant when it comes to securing our identities and financial information.

[DigitalGemToken]

All these scams, hackers and bad actors are what's making the current cryptocurrency market dry up.

It makes legitimate project like our's harder to find potential interest because of all the many scams out there.

I really don't like it because it turns people away from technology and dampens the advancement of technology whether it's new apps or new cryptocurrencies or just new technology in general.

-------------------------------------------------------------------------------------------------------------------------------
Digital Gem Token - Mainnet 100% Live

A decentralized open source store of value cryptocurrency that is more environmentally friendly and scale able than Bitcoin.

The inflation rate is 0.25% per year and uses the Delegated Proof of Stake consensus mechanism.

Website: http://www.digitalgemtoken.com
Block Explorer: http://www.explorer.digitalgemtoken.com:4200/#/
Wallet: Integrated with the Ark.io Wallet
Discord: https://discord.gg/hNcFgb3
Bitcointalk ANN: https://bitcointalk.org/index.php?topic=5149229.msg51287198#msg51287198

[ricardobs]

And that's it, nothing was done and McDonald's just got more rich for free, lol. And his not even the only one that has had such problem of money mysteriously stolen from their McDonald's app. McD is just going to keep claiming that it is the work of hackers when they know fir sure that it is a bug in their app. So how would a hacker just hack into your account just to purchase food, lol, that's really funny. Whatever it is that is happening, they know about it and will still be pretending that they don't know anything about it. It's best not to make use of those apps. Just delete your account and be safe.