I'm not lovin' it: Hacker orders 100 McDonald's nuggets from man's app

It was an un-Happy Meal for a Sydney man who was left empty handed when a scammer got into his McDonald’s account and put through a mac-nificent online order.

The Hamburglar made off with almost 100 chicken nuggets from an express store in Victoria before Freddie Fletcher was left grimacing.

“I received a notification on my phone from my bank app that I’d spent around $40 at McDonald's,” the 25-year-old told Yahoo News Australia, “which was actually a bit surprising because I wasn’t at McDonald's.”

25-year-old Freddie Fletcher (left) and the mymaccas receipt from a McDonald's store in Victoria (right)
Freddie Fletcher, 25, didn't realise he'd been scammed until he saw the bank app notification and McDonald's receipt. Source: Freddie Fletcher

While Freddie’s first thought was that he’d lost his wallet or his bank card had fallen out, he soon realised that he’d been hacked.

“I looked on the mymacca's app and saw that my name had been changed to Gibby Gimp and that I’d spent $40 at this random place,” he said.

Freddie's bank card had been linked to his mymacca's app for easy ordering.

“I then got the receipt through to my email. They’d ordered four packs of 24 – that’s 96 chicken nuggets – and 16 packets of sauces for $39.80.”

“It looks like they did a good job to get those, so I hope they enjoyed them.”

McDonald's sign and a box of chicken nuggets.
Freddie says McDonald's reviewed the incident but couldn't catch the hacker. Source: AAP/Getty Images

The McInvestigation

While Freddie’s bank worked to get the cash back, he says there was nothing McDonald’s could do to identify the perpetrators.

“As the purchasing process all occurred on the app, they [the hacker] simply walked up when their nuggets were ready and quickly made off with them.”

“Luckily the bank decided to refund me the money and now it’s just a wild story.”

While McDonald’s said it has strict, best-in-class cyber security measures in place to protect its app users, a spokesperson for the fast-food chain in Australia delivered this nugget of advice.

“In line with best practice, we encourage users to choose a unique password to protect their accounts across all digital platforms.”

Avast Cyber Security Expert Stephen Ko says many people don't know how easily they could become a victim of cybercrime. Source: Getty
Avast Cyber Security Expert Stephen Ko says many people don't know how easily they could become a victim of cybercrime. Source: Getty

Good passwords – Forget your dog’s name

Fortunately for Freddie his scammer hadn’t gone on a Macca's run but he says the incident was a big wake-up call.

“Prior to this, I had the same password for everything,” Freddie said, “and after a website confirmed that my password had been in a data leak, I immediately went through all of my subscriptions and changed them to individual passwords.”

He’s not alone, according to Avast, a cyber security software company, whose latest report shows that one in 10 Aussies sign in to online shopping or payment accounts with the same login details as their social media or email.

“Ultimately, whilst phishing, malware and trojan attacks are on the rise, the number one cyber threat for Australians is actually a lack of cyber mindfulness,” Cyber Security Expert Stephen Kho said.

He’s urging online users to make the most of a password manager, enable two-factor authentication, choose hard to guess security questions and not to store passwords in browsers.

Do you have a story tip? Email: newsroomau@yahoonews.com.

You can also follow us on Facebook, Instagram, TikTok and Twitter and download the Yahoo News app from the App Store or Google Play.