Sydney man’s McDonald’s app hacked with 100 bizarre nuggets ordered

He received a notification on his banking app alerting him that almost $40 had been spent, but he was “confused” because he hadn’t been to McDonalds.

Then the sound app MyMacca also rang.

“I got a receipt through the app saying I had bought some food so I quickly logged in thinking someone had stolen my bank card and saw the purchase had been made in Victoria which was impossible as I am from Sydney and had not left the state,” he told news.com.au.

The editor discovered that a bizarre order from the hungry pirate had also been placed at the fast food giant.

Nearly 100 nuggets had been bought with his money, along with a bunch of sauces including aioli, sweet and sour and spicy mayonnaise.

“There were four packs of 24 nuggets ordered and they had changed my name to Gibby Gimp,” he said.

“The person had obviously found my password for the MyMaccas app and my card details were linked and they had gone to make the purchase and made off with the merchandise – that was a little worrying.”

The 25-year-old made a frantic call to McDonalds, which he said was helpful, but was told he couldn’t refund the money and would close the account instead.

He then contacted his bank and had a nervous wait to see if more money would be taken.

“It was a very stressful experience, obviously it’s a bit scary when your data is taken and someone spends your money,” he said.

“I went to change all my passwords because I had used the same email and passwords since I created one when I was 12. So I went through and diversified my words hoping that something like this wouldn’t happen again.

“I was waiting for more notifications and expecting other things to get hacked as well and it was going to continue, which was the most stressful part.”

Days later, Mr Fletcher got a refund on transporting 100 nuggets from the pirate, but he said it was a huge red flag.

“All it takes is one leak in the same place and everything is at risk if you use the same password. I don’t know where it started and where they got their information, but it definitely sparked something,” he said.

“I realized I hadn’t been smart about setting up my accounts. I needed to set up different passwords and have stronger passwords and make things harder to guess. The password I had was something really basic and I used it on every platform, so I was preparing for that to happen.

“I was lucky it was $40 and someone was buying nuggets instead of taking $1,000.”

Two years after the experience, Mr Fletcher said he could see the ‘hilarious’ side of his hacking experience and the jokes that they could have at least ordered a burger too, but realizes he has was lucky because it could have been much worse.

“It freaked me out a bit and honestly I have other food apps, I have the one from KFC, Uber Eats and Deliveroo but MyMaccas is one I can’t bring myself to go back to – this experience m ‘has burned for life for now,’ he said.

“If I’m looking for nuggets, I’ll go ask for them and I won’t order on the app.”

According to internet security firm Avast, one in 20 Australians has been the victim of a password theft scam like Mr. Fletcher.

According to a recent Global PC Risk Report, one in 10 Australians admitted to logging into online shopping or payment accounts using the same login credentials as their social media or email, opening up new potential attacks by 50%.

“Ultimately, while phishing, malware and Trojan horse attacks are on the rise, the number one cyber threat to Australians is actually a lack of cyber awareness when logging on or using their devices, with many disregarding how easily they could become victims of cybercrime.” said Stephen Kho, cybersecurity expert at Avast.