The McDonald’s app is fine, right? I mean, it’s worth stanning for those days when you don’t want to interact with another person, but you also don’t mind leaving the house to pick up your own McNuggets meal.
But one Nova Scotia woman says that an Extra Value-loving rando was able to hack her McDonald’s app, and this as-yet-unidentified person spent almost $500 of her money on fast food during a five-day period. (It’s little consolation to someone whose bank account has just been emptied, but if this thief seriously downed $100 worth of McDonald’s in a day, there’s no way he’s not dead right now).
“It's amazing to see how quick someone can just breach your privacy,” Lauren Taylor told CBC News. “[R]ent is three days away and now I have to find the money. It's a good thing that I live with family. Otherwise I'd be out.”
Taylor confirmed that she received almost 20 emails with the subject line “Here’s Your My McD’s Receipt”—and two more that began with “ Lauren, nous avons réinitialisé votre mot de passe” (Lauren, we have reset your password)—but she didn’t check her inbox for a few days, so she missed them.
CBC News reports that this mystery eater’s meals included “large fries, Big Macs, poutine, junior chicken meals, Filet-O-Fish sandwiches, McDouble burgers, bacon and hashbrown McWraps, Egg McMuffins and hot cakes.” The purchases were made at five different McDonald’s locations in Montreal—a city Taylor says she’s never even visited.
“This is an app that's supposed to be secure," she said. "So why do I live in Nova Scotia and why is my card being used in Quebec? That's crazy." Taylor has filed a police report with the Halifax Police Department, and has reported the fraud to her bank.
“We take appropriate measures to keep personal information secure, including on our app," a McDonald’s Canada spokesperson said. “Just like any other online activity, we recommend that our guests use our app diligently by not sharing their passwords with others, creating unique passwords and changing passwords frequently." (MUNCHIES has reached out to McDonald’s Canada for additional comment.)
Earlier this week, a woman in Ontario said that her McDonald’s app—and her bank account—had also been used to buy almost $100 worth of food in Laval, Quebec. “I thought it was an error at first because I couldn’t believe that I’d place four separate orders all to the same McDonald’s within minutes of each other,” Patty Duke told CTV. “It didn’t make a whole lot of sense.”
She says that a McDonald’s customer service rep told her that “this has happened before,” but she later got a form email from the company telling her that there had not been any system-wide security breach, so essentially it had to be her own fault somehow.
But this does seem to have happened before, to other Canadians who use that app. In October, a user named RyanS219 started a thread on a site called RedFlagDeals after realizing that his RBC Mastercard had been used to buy someone else’s dinner. “Last night I noticed two charges were made on my RBC Mastercard for two different McDonald’s locations in Ontario (I live in Newfoundland),” he wrote. “I contacted RBC this morning and they said that it isn't their responsibility to cancel the charges and that McDonald’s would need to refund me the money.”
Another person added that he’d been charged for an order placed at a McDonald’s in Montreal at 3 AM, while he’d been asleep at his home in Quebec City. “They also said they can reimburse me if I go in person,” someone called HyperTech wrote. “I said I am not gonna drive 3 [hours] and spend $60 of gaz [sic] to have $10 reimburs [sic].”
Fortunately, both Lauren Taylor and Patty Duke were able to get their fraudulent charges refunded through their banks. And maaaybe we’ll just stick to UberEats when we want a damp bag of 2 AM fries.
This article originally appeared on Munchies US.