McDonald’s Keeps Touting Security of Mobile App After Credit, Debit Cards Hacked

The McDonald’s Canada’s MyMcD’s mobile app has been compromised many times, with victims seeing unauthorized charges via their stored payment method within the app.

We first heard of people getting their accounts hacked within MyMcD’s app back in February of this year, but when reports of a technology writer losing over $2,000 in a recent hack via the app, the issue has now become mainstream. Despite public pressure, McDonald’s has not notified mobile app customers to change their passwords.

MobileSyrup editor Patrick O’Rourke spoke with CBC News and provided an update on his over $2,000 lost when his BMO debit card was compromised via the MyMcD’s app and he didn’t notice the over 100 email receipts, because they were in an ‘Updates’ section of his inbox.

He says his bank has since refunded his money, and McDonald’s was not helpful at all during the ordeal. As for others, they have not been so lucky.

“My big thing for me with this, is like, sure my password likely was not incredibly secure, it was probably just the same thing that the average person would have as their password for something,” O’Rourke said to Canadian tech reviewer Matt Moniz in an interview. He believes the hack is part of some broader issue beyond these McDonald’s incidents.

Now, CBC News has dived into the McDonald’s saga with their MyMcD’s app. Despite reports of numerous people getting their accounts hacked, the fast food chain remains confident in the security within the app.

A spokesperson told CBC News they are confident in the security of the MyMcD’s app and they keep customer information secure.



Despite being aware of “some isolated incidents,” McDonald’s did not reveal how accounts are getting hacked. The company continued to repeat its boilerplate message of recommending customers come up with strong passwords.

“If guests notice any unauthorized purchases, we recommend they contact their bank and change their password immediately,” said spokesperson Adam Grachnik.

“Similar to other apps, we are constantly improving the My McD’s App and updating it with enhancements to make the user experience as strong and safe as possible,” added the spokesperson.

McDonald’s really needs to implement two-factor authentication or add Apple Pay as a payment method to its app. Nobody knows exactly how these hacks are happening, but the pattern involves stolen funds being spent at McDonald’s locations in Quebec.

If you want to delete your payment method from the MyMcD’s iOS app, tap on the ‘More’ tab along the bottom, then Profile and Payment Methods. Once you see your card, swipe to the left to delete it.

Have you had your payment method compromised in the MyMcD’s app?