A wave of loyalty account fraud is currently hitting McDonald's France. For several days, numerous customers have been reporting on social media the fraudulent use of their McDo+ points, sometimes deducted at restaurants located hundreds of kilometers from their homes. Faced with the increasing number of reports, the chain acknowledges the existence of several cases of account hacking and is now urging its users to quickly change their passwords to secure their access.
According to several accounts shared in recent days on social media and specialized forums, fraudsters are exploiting either login credentials obtained during previous data breaches or vulnerabilities in the loyalty program's operation. Some users explain that the loyalty code displayed in the app is sometimes enough to redeem points at restaurants without further validation.
Renewed concerns about data security
The case has reignited concerns about the cybersecurity of loyalty platforms and fast-food apps. Experts are suggesting the use of "credential stuffing" techniques, which involve automatically testing credentials obtained from past data breaches across various online services. Several users report experiencing points deductions in cities hundreds of kilometers from their homes.
McDonald's France had already faced concerns about data protection following revelations in 2022 regarding a potentially major data breach affecting several million French customers. At the time, personal data and information related to the loyalty program circulated on specialized forums, according to cybersecurity websites.
The company is now urging users to reset their passwords if they have any doubts and to monitor their account activity. Several experts also recommend using unique passwords and avoiding reusing the same login credentials across multiple platforms.
Community
Comments
Comments are open, but protected against spam. Initial posts and comments containing links undergo manual review.
Be the first to comment on this article.