
McDonald's Hacked and Customer Data Stolen 178

An anonymous reader writes "McDonald's servers were recently compromised and hackers were able to get access to customers' e-mail addresses, names, addresses, phone numbers, birth dates, genders, as well as certain information about their promotional preferences and Web information interests. The sites affected were: McDonalds.com, 365Black.com, McDonalds.ca, mcdonaldsmom.com, mcdlive.com, monopoly.com, playatmcd.com, and meencanta.com. The restaurant chain is warning customers to be cautious of anyone claiming to be from McDonald's contacting them by phone or e-mail, and asking for personal or financial information. McDonald's has also set up a FAQ page for affected customers with 13 questions and their corresponding answers." Update by KD: Weld Pond tweets: "Silverpop email marketer owned. Was email subcontractor for McDonalds and deviantART (13M users) and 105 other orgs."
  • by turbclnt ( 1776692 ) on Tuesday December 14, 2010 @06:02PM (#34553950)
    I can has cheezburger?
  • Wait... (Score:5, Insightful)

    by Locke2005 ( 849178 ) on Tuesday December 14, 2010 @06:03PM (#34553956)
    Why would any sane person possibly give McDonald's all their personal information in the first place?
    • Re:Wait... (Score:5, Insightful)

      by wowbagger ( 69688 ) on Tuesday December 14, 2010 @06:08PM (#34554024) Homepage Journal

      "Why would any sane person possibly give McDonald's any of their personal information in the first place?"

      Fixed that for you.

      It's a damn burger, not a car - it's not like I have to finance the damn thing! I hand you money, you hand me something that, under bad light, might pass for food.

      The closest they might get is if I charge the burger, and even then, all they get is a confirmation code from my credit card.

    • Re:Wait... (Score:4, Insightful)

      by jimbolauski ( 882977 ) on Tuesday December 14, 2010 @06:11PM (#34554098) Journal

      Why would any sane person possibly give McDonald's all their personal information in the first place?

      The same type of people who frequent McDonald's regularly would think it's a good idea to get the "McRib is coming" updates. Also, if you win a prize from their Monopoly game you might have to give them your info?

    • This is primarily information used by McDonald's giveaways, such as the Monopoly promotion [wikipedia.org] when entered online.

      Only names, numbers, emails, and addresses were taken.

    • Try something:

      Sit down in front of a McD and offer anyone who hands you their name, address, phone number and email a free hamburger.

      Bet you go home with more than 100 addresses after, say, 3 hours.

      • by Dthief ( 1700318 )
        I bet 99 of those are "fake" [i.e. not where the person lives] addresses, and the 1 address that isn't fake has nothing to steal
        • Not if you stood outside a McDonald's and bought them the hamburger personally. Most people would feel like they owed you, even if it was only a hamburger, and feel bad if they were dishonest about it. Like, all you wanted to do was buy them a hamburger, it's the least they can do!

          Put it on a sign-up sheet, you know? Makes it look less seedy.

          Of course I'm one to talk...I would lie. (And I have, in exactly that situation, except with better sandwiches.) Maybe not about my name. But everything else, yeah.

        • I think you'd be very surprised. Also, I suspect it'd be worth a try to ask for their password, too, in exchange for two burgers maybe.

          Too lazy to google, but I seem to recall something in the last months about a similar thing, where people were offered a bar of chocolate or something in exchange for their password.

          Don't think they verified the accuracy of the passwords, though; but if you said that you can offer them a free burger in exchange for their mcdonals.com user and password - to verify that they'r

          • Too lazy to google, but I seem to recall something in the last months about a similar thing, where people were offered a bar of chocolate or something in exchange for their password.

            First, it was over 2 years ago.
            Second it was apparently 20% of people gave their passwords in exchange for chocolate.
            http://www.darknet.org.uk/2008/04/chocolate-owns-your-passwords/ [darknet.org.uk]

            However, the key thing is - the survey had absolutely zero way of confirming whether the passwords were genuine or not.

            You know what? Some random in the street offers me a bar of chocolate in exchange for my password, I'll gladly trade; I end up with a free bar of chocolate, they end up with a garbage string of characters wh

            • > it was apparently 20%

              I don't know about you, but I find that worrisome.

              > However, the key thing is [...]

              Yes, that's what I hinted at; however, while there are certainly those, I'm afraid I have quite a bit less faith in the security-related intelligence of Joe Average User. I can't tell you how many times I found passwords on post-its, in support tickets without even asking, et cetera.

              No, of those 20%, I honestly wouldn't be surprised if there's three-quarters genuine, especially with the "to verify

              • > it was apparently 20%

                I don't know about you, but I find that worrisome.

                Not worrisome, because there is zero data to confirm whether those passwords were anything like valid or not, thus no conclusions can be drawn whatsoever other than 20% of people figured out how to get a free bar of chocolate.
                Nothing more, nothing less.

      • by PRMan ( 959735 )
        Say, "You could win a car" at a mall and you'll get thousands per hour.
    • Re: (Score:3, Insightful)

      McDonald's takes job applications online via their web site. Last time I checked, job applications ask for your personal information.
      • by gustgr ( 695173 )

        It also takes on-line take-out orders in several places of the world, which also requires personal information -- at least a name and an address, but I suppose they ask for more info than that on the order form.

        • It also takes on-line take-out orders in several places of the world, which also requires personal information -- at least a name and an address, but I suppose they ask for more info than that on the order form.

          There are places where McDonald's provides *delivery* which definitely requires a name and an address.

        • Why would online take-out require an address ? Name, ok, easy identification of the order - assume people won't remember your uid - but if you pre-pay the order, they have no need whatsoever for your address or any other details.

    • I suspect it was some promo, like those receipts that say "answer our survey and get a chance for a free burger". I've always said you'd win a lifetime supply of spam. This just proves it.

    • Because many people are poor and lack the opportunities to get a better job than one can get working for McDonald's. Consider that we don't know the full extent of what McDonald's kept in the compromised systems. We only know from the article that McDonald's was willing to admit the data included "customers' e-mail addresses, names, addresses, phone numbers, birth dates, genders, as well as certain information about their promotional preferences and Web information interests". We don't know how the McDon

    • Why would any sane person possibly give McDonald's all their personal information in the first place?

      Why would any sane person possibly eat in McDonald's in the first place?

      And of course, even if you were so moved to have a McRib value meal, you are correct: Why would you even consider giving them your email address, name, etc?

    • You had to enter this info to play the Monopoly online contest.

      Which is actually reasonable since they need some way to contact you and verify your identity in the case of you winning a major prize.

    • Why would any sane person possibly give McDonald's all their personal information in the first place?

      I'm going to take the question up to the next level and ask "Why would any sane person eat at McDonalds"

      • While I don't go to McDonald's much anymore due to trying to lose weight, I found that they offered food that I liked and, equally importantly, they did so consistently. If I'm away from home and hungry I can go into a McDonald's, buy a box of McNuggets and a milkshake (I don't like chips) and be pretty sure it would be as nice as the ones bought in the McDonald's locally. It's not fancy but the batter doesn't have any weird tastes and the chicken inside is fine too.

        I'm sure the same applies to other chain outlets

        • Suggest you watch Super Size Me http://www.imdb.com/title/tt0390521/ [imdb.com]. People pick on McDonald's because they are perhaps the number one brand in the industry globally, they use marketing tactics to entice children to the brand and the junk food they serve, and they have been a leader in the "race to the bottom" in the fast food industry. I think there are probably other reasons but those are a few!
    • by Krneki ( 1192201 )
      Why would any sane person possibly use McDonald's in the first place?

      Fixed that for you.
  • by fridaynightsmoke ( 1589903 ) on Tuesday December 14, 2010 @06:06PM (#34553990) Homepage
    Police say they're looking for a short chubby-faced man with ginger hair, wearing a black-and-white striped outfit, a black eye mask, red gloves, a black cape with yellow lining and a red tie with hamburger detail. The man is linked to previous thefts of foodstuffs (primarily hamburgers) from McDonalds.
  • Known to the world...oh the shame! /kill self
  • Robble Robble Robble!

  • !admin (Score:4, Funny)

    by Anonymous Coward on Tuesday December 14, 2010 @06:06PM (#34553996)

    They were probably using HP MSA2000 Arrays..

  • Big Database?
  • This reminds me.... (Score:3, Interesting)

    by f3rret ( 1776822 ) on Tuesday December 14, 2010 @06:11PM (#34554088)

    A while back, while WiFi was still new and shiny and before people had figured out the whole "put a password on it" thing, a friend and I were out wardriving and came across an open network that turned out to belong to a local Micky D's. We connected to the network and saw a single computer running on it; a little poking at it revealed it to be running some flavor of Windows XP, and some more poking revealed it to have a blank admin password.
    So we connected to the standard "C" (or whatever the standard network share is called, I forget) network share and found a huge Excel document in the root of said drive, downloaded it and found it to contain all the information - addresses, phone numbers, SSNs and e-mail addresses - of the employees of said Micky D's.

    Cool story, huh?

    • It would be cool if you ended the story with "And then my friend and I were struck by an out of control semi doing about 90mph, and now I'm typing from my wheelchair using a straw to the rhythm of my ventilator."

    • Bullshit. You can't (and never could) access those hidden shares with a blank password.

      • by koro666 ( 947362 )

        I believe you could before XP Service Pack 2 (which kinda reinforced security).

  • Now if they hack Burger King or the Pho King then I'm hosed.

  • Big Deal? (Score:4, Interesting)

    by SilverHatHacker ( 1381259 ) on Tuesday December 14, 2010 @06:17PM (#34554190)
    Sure, in principle it's a bad thing, but I'd be willing to bet that 95% of those people had that exact same information on their Facebook, effectively available to the world anyway.
  • The Draft (Score:2, Interesting)

    by drumcat ( 1659893 )
    Remember, 40 years ago it was a scandal that the free happy meal postcard you filled out was how you were tracked for the draft. My dad taught me this lesson early on, and it's nothing but magnified. BTW, Thank You EFF for winning today!
  • Today: "Adding insult to injury".

  • ...it should read "Silverpop spammers". They have a LONG history which is well known to everyone working in the field, and can be readily accessed by anyone who can use a search engine (or check the Internet Archive).

    Note carefully: This doesn't mean that every message they've sent is spam -- most competent spammers these days mix spam and non-spam because it's a highly effective tactic. This also doesn't mean that every customer of theirs hired them to spam -- again, most competent spammers have a mix of cu

  • This should read: "Marketing Company McDonald's contracted was hacked". I don't see anywhere that it says an actual McDonald's server/store system got hacked...

  • That a mcdonaldsmom.com exists worries me greatly.
  • by sootman ( 158191 ) on Tuesday December 14, 2010 @11:09PM (#34556730) Homepage Journal

    I was mildly disgusted to see that the domain http://mcdonaldsmom.com/ [mcdonaldsmom.com] actually exists. Happily, it redirects to http://www1.mcdonalds.com/momstrust/ [mcdonalds.com] which gives a 404. As it should be.

  • Who in their half sane mind would even need to hand over personal information?

    I mean, you pay for a hamburger with cash and last time I checked there wasn't a web store for you to need to punch in your and your family's intimate details.
  • go and have them searched! I would not be surprised if they have all the data!
