AfterDawn: Tech news

McDonald's database hacked, user email addresses, birthday info stolen

Written by Andre Yoskowitz (Google+) @ 14 Dec 2010 0:56 User comments (16)

McDonald's database hacked, user email addresses, birthday info stolen McDonald's has confirmed today that hackers broke into a database containing email addresses and birthdays for consumers who have signed up for McDonald's promotions.
The fast food chain made it clear that no sensitive information, like credit card numbers, Social Security numbers or physical addresses were compromised.

"The incident has resulted in an investigation by law enforcement authorities. Arc and McDonald's are cooperating with the appropriate authorities," says spokeswoman Danya Proud. "We are also working with Arc and their database management firm to understand how the security was bypassed."

Arc refers to long-time McDonald's business partner Arc Worldwide, an email database management firm.

It is unclear how many consumers are affected.

Previous Next  

16 user comments

114.12.2010 1:20

Well maybe these people will have to get healthier foods now.

214.12.2010 1:22

lol why would someone steal this information? It must have been burger king!



314.12.2010 1:35

I highly doubt to believe a Hacker did this, Your Typical Hacker wouldn't do this

414.12.2010 3:26

thats what I think! burger king hired a hacker to send spam mail promoting the whopper!



514.12.2010 4:55

Probably some kid just trying to prove that he could do it.



614.12.2010 8:27

just remember huge email lists are worth a lot on the black market.

714.12.2010 8:38

OMG...They stole my birthday!!!

Yeah even the b-days are worth something correlated with the emails...Information is money for these marketing types and like anything else some don't care how they get it.

You prob shouldn't be handing your email to any of these companies if you are concerned about SPAM and etc anyway...

This message has been edited since its posting. Latest edit was made on 14 Dec 2010 @ 8:39

Just my $0.02,

dEwMe

814.12.2010 9:58

The only reason ANY company offers promotions is to get your information.
Arc sold it to make a buck by telling the rogue third party how to hack it.

914.12.2010 10:42

Originally posted by Blessedon:
The only reason ANY company offers promotions is to get your information.
Arc sold it to make a buck by telling the rogue third party how to hack it.
That could very well be possible a scheme when it came to Mcdonalds Monopoly did happen on the inside once

1014.12.2010 11:26

HAHA, i think Arc probably already sold it and when they worked out the spammers they sold it to looked like they were going to do something or had done something silly and they get found out .....

(how did they know my birthday as well... ?)

... they hit a pre-emptive strike and say we got hacked.

Why didnt they notify the customers directly they had lost their details, how do the customers know if they have been effected.

What would be intresting is if some got a target spam from this database that could be identified and it pre-dates them saying it was hacked...

This message has been edited since its posting. Latest edit was made on 14 Dec 2010 @ 11:28

1114.12.2010 14:42

Originally posted by plazma247:

Why didnt they notify the customers directly they had lost their details, how do the customers know if they have been effected.

They did:

Dear Valued McDonald's Customer,
Our records indicate you previously elected to submit information to McDonald's in connection with one of our websites or promotions. We wanted to let you know there is a possibility that the limited information you provided to McDonald's through its websites or promotions was improperly accessed by an unauthorized third party.
By way of background, McDonald's asked Arc Worldwide, a long-time business partner, to develop and coordinate the distribution of promotional emails. Arc hired an email service provider, a standard business practice, to supervise and manage the email database. That email service provider has advised that its computer systems recently were accessed by an unauthorized third party, and that information, including information that you provided to McDonald's, may have been accessed by that unauthorized third party. Law enforcement officials have been notified and are investigating this incident.
McDonald's does not collect sensitive financial information, such as Social Security Numbers or credit card numbers, online or through email. As such, the information improperly accessed did not include this type of information. Rather, the limited information you provided to McDonald's included information required to confirm your age, a method to contact you (such as name, mobile phone number, and postal address and/or email address), and other general preference information. In the event that you are contacted by someone claiming to be from McDonald's asking for personal or financial information, do not respond and instead immediately contact us at the number below so we can contact the authorities. Please remember, McDonald's would not ask for that type of information online or through email.
We apologize for any concern this incident may cause. Protecting our valued customers is very important to us. If you have any questions or concerns, rather than replying to this email, please contact us immediately at our toll-free number 1-800-244-6227. For additional information please visit our website at www.mcdonalds.com/notice.
Sincerely,
McDonald's Customer Satisfaction Team

1214.12.2010 14:45
lissenup2
Inactive

This was done so the hacker could pass on a Happy F'ing Birthday to everyone.

What's wrong with that? I think it's kinda nice. ;)

This message has been edited since its posting. Latest edit was made on 14 Dec 2010 @ 14:45

1314.12.2010 16:41

Originally posted by jam_k:
Originally posted by plazma247:

Why didnt they notify the customers directly they had lost their details, how do the customers know if they have been effected.

They did:

Ahh well at least they notified the people, however when:

age, name, mobile phone number, postal address and email have all been breached, they say ....

Social Security Numbers or credit card are not collected... i should hope not.

BUT, when you have someones age/address/dob your only a couple of bin dives and a utility bill or two away from something just as bad.

! SHAME SHAME SHAME ON YOU ARC !

1415.12.2010 14:30

They should have stolen the recipe to find out what REALLY is in their hamburgers. Thank goodness I don't eat that crap anyways.

1515.12.2010 18:32

Oh Crap they figured out the password to the database was McMuffin.


"Have you tried turning it off and on again?" ~ Roy Trenneman

http://www.facebook.com/BlueLightningTechnicalServices

1616.12.2010 10:20

Maybe it was the Hamburlgar

This message has been edited since its posting. Latest edit was made on 16 Dec 2010 @ 10:21

Comments have been disabled for this article.

News archive