Submitted via IRC for SoyCow1984
It's unclear if there is one mysterious Hamburglar hacker or multiple scammers, but for months, users of the Canadian McDonald's app, "My McD's," have been complaining about someone gaining access to their accounts to fuel their feeding frenzies.
Last week, Canadian journalist Patrick O'Rourke, managing editor of Mobile Syrup, became the latest known victim of this scam and published an account of his experience. Somehow a hacker gained access to his My McD's account, which was attached to his Mastercard. The app had a transaction failure the first two times O'Rourke tried to use it, he said, so he gave up on it. But over the next two weeks, someone else used it for their McBender—spending $2,034 CAD ($1,509 USD) on more than 100 meals of Big Macs, McFlurries, Chicken McNuggets, and poutine.
Source: https://gizmodo.com/hungry-hackers-use-mcdonalds-app-to-steal-1-500-in-fas-1834381636
(Score: 4, Interesting) by donkeyhotay on Thursday May 02 2019, @02:33PM
Actually, that's a very reasonable question. I trend I'm noticing, even at my own company, is a tendency to develop in environments that are increasingly abstracted from the actual code, with the downloading of anonymous "widgets" from unknown "app stores", combined with an over confidence in agile methodology, which slaps apps together very quickly with a mere soupçon of testing. The result is a lot of mysterious bugs and other strange behavior that spookily comes and goes. We used to call them "phantom gripes". Every object in an app is just an abstraction, and if you can get weirdness with order numbers or addresses, why not credit card numbers too?