Attackers have learned to order McDonalds branded hamburgers at someone else's expense
Clients of a global brand using the McDonald's online application have lost money from their bank cards linked to the service. Unknown attackers with excellent appetite were able to place orders for several thousand dollars at someone else's expense. The vulnerability of the My McD's service allowed hackers to pay for purchases from other users' cards. Despite the fact that the victims, who sometimes lost several thousand dollars, are quite a few, McDonald's is confident in its innocence and reliability of the branded online service, "turning the arrows" to the bank that issued the cards. This situation, as a result of which the popular app for ordering food was in an unpleasant position, affected only the residents of Canada. At the same time, their location within the country did not play any role, users who could live at very distant distances from each other suffered from the illegal write-off of money. One of them was an attentive customer of the service, from whose card several thousand Canadian dollars were lost. A user who used the McDonald's application noticed that more than 100 "left" orders were made from his personal account. All of them took place over several days in a row at about the same time. In addition, the breaks between such orders were less than 10 minutes, from which the client assumed that his profile in the application was hacked by one person who in a friendly way shared his data with his accomplices. The victim revealed a pattern that the withdrawal of money from his account was usually preceded by a failure in the service, when he could choose the dishes he liked, but his payment was interrupted by a refusal to carry out the operation. Representatives of the global company know about what happened, but do not admit their guilt. In their opinion, the McDonald's app has nothing to do with it. The company is confident in the safety of the branded service and does not take on the solution to the problem. McDonald's Canada is also not going to reimburse funds from accounts, inviting its customers to apply for a refund directly to the bank that holds their card. The problem with My McD's, as it turned out, is not the first time it has happened. Up to this point, a video was gaining popularity on the network, where two resourceful Australian residents "on their fingers" showed how to get a free hamburger using the vulnerability of the McDonald's electronic service. They were helped by a flaw in the electronic ordering system using the terminal. As an example, lovers of the company's products ordered 10 branded hamburgers. Each of them was conditionally estimated at $ 1. Then, in the settings of their order, they managed to reduce the price of each item by $ 1, abandoning cutlets. As a result, the system estimated them at - $ 1, after which they added one full hamburger to the order for $ 1. The total cost of their order turned out to be $ 0. The video turned out to be trending, gaining several million views. But not everyone found this instruction useful. Thus, residents of the United States and Germany (apparently trying to repeat the same thing) noted that such a system does not work in their countries. Other countries, including USA, did not share information on the practical verification of such a possibility to bypass the electronic ordering service in their favor. The Topic of Article: Attackers have learned to order McDonalds branded hamburgers at someone else's expense. |
