McDonald's customer database hacked

Following the previous week of DDoS attacks and the database leak of Gawker, McDonald's has fallen victim to a similar fate. McDonald's is now warning customers that signed up for any promotions or registered at any McDonald's online site that their email addresses and other personal data has been obtained by an unauthorized third party.

The fast-food restaurant placed up a FAQ page on their website regarding exactly what was breached in the attack. Included with the unauthorized access to customer emails, the third-party also got names, postal addresses, home or cell phone numbers, birth date, gender, and information about promotional preferences or web-based interests. Social Security Numbers and credit card numbers however were not included in the security breach as McDonald's does not store that information.

The data collected was from users who registered on one or more of the following McDonald's websites: McDonalds.com, 365Black.com, McDonalds.ca, mcdonaldsmom.com, mcdlive.com, monopoly.com, playatmcd.com, or meencanta.com. These are the websites dealing with promotions offered by the company.

McDonald's has stated that if you are affected, they will attempt to send you an email stating that your information was compromised. This data was strictly information used on promotional sites and does not include enough to commit identity theft.

McDonald's has aslo been working with law enforcement authorities to investigate the matter. They warn multiple times to not give any personal information to anyone who may be posing as a McDonald's official as the company will never ask for that information from you, and that instead you should report the phishing attempt to 800-244-6227.

While there is no solid evidence that the same group has been behind all of these attacks, the point has been made that our data is not as secure as we once thought it to be and new security measures for protecting databases should be instated. McDonald's takes this matter very seriously and is doing what they can to find those responsible.

Report a problem with article
Previous Story

Lead Gmail developer predicts Chrome OS' death

Next Story

Silverpop's database exposed, deviantART email addresses leaked

36 Comments

View more comments

NeoRaZor said,

There, fixed that for ya.

No... he had it right the first time, "I'm Loving It!" is one of their slogans.

Tanshin said,
You can also add DeviantArt to the list as well. This is getting borderline ridiculous.

A message from DeviantArt popped up in my Spam folder to tell me this. Luckily I didn't give them too much information.

iamawesomewicked said,
... wait... McDonalds has a customer database? Since when?

"customers that signed up for any promotions or registered at any McDonald's online site"

it'd be more interesting if somehow someone hacked the ordering system and gave everyone the wrong order.... hacking/cracking is getting old....

I really think there should be some legislations passed that entitles a user of a service to close their account and have all data removed from a website.

Makes me wonder, are there any safe guards to protect against such attacks or is everything hackable? This is real serious stuff as some users use the same password for all of their accounts. That means the hackers can do a lot of damage to someone's e-mail account.

WV2MJR said,
Makes me wonder, are there any safe guards to protect against such attacks or is everything hackable? This is real serious stuff as some users use the same password for all of their accounts. That means the hackers can do a lot of damage to someone's e-mail account.

Everything is hackable. You can tell if your password is vulnerable by using the recovery functions of a site. If it ends in you having to reset your password, it means your password is encrypted on their end and they can't give you your password because they can't decrypt it. If they can tell you your password in any way, its not secure.

Commenting is disabled on this article.