The Weekly Hack: Hackers target a church and McDonald’s

Photo (c) raisbeckfoto - Getty Images

Some hackers are trying to blackmail major corporations. Others just want a free Happy Meal

McDonald’s is defending the security of its “My McD’s” app after Canadian users reported that hackers broke into their accounts and bought food with stolen credit card information.

One user, a Canadian journalist, said that hackers purchased $1,509 worth of Big Macs, McFlurries, Chicken McNuggets, and poutine with his MasterCard.

“While we are aware that some isolated incidents involving unauthorized purchases have occurred, we are confident in the security of the app,” a spokesman from McDonalds' told Gizmodo. In their statement, McDonald’s also suggested that weak passwords were to blame, an excuse that victims didn’t buy.

“Your mobile app isn’t secure enough, someone got into my account, made 7 separate transactions in a span of 30 mins, in a separate province and never got flagged as suspicious. he even put his own name,” one user wrote on Twitter.


The FBI says that hackers posing as a construction firm convinced employees at the St. Ambrose Catholic Parish in Ohio to wire $1.75 million to a fraudulent bank account.

The church had been working with a construction firm to restore part of its building for a massive $4 million renovation project. On April 16, the construction firm contacted the church to ask why it had not been paid yet. That raised red flags because the church thought it had already paid the construction company. As it turned out, hackers who accessed their email addresses had successfully impersonated the actual firm.

“Please know how very sorry I am that this has occurred in our parish community,” Father Bob Stec said in a letter to parishioners.

Florida voting machines

FBI officials are meeting with Florida Gov. Ron DeSantis and U.S. Sen. Rick Scott over a potentially explosive piece of news buried in the Mueller report: a claim that hackers successfully accessed a voting machine in the network of “at least one Florida County Government.”

DeSantis told reporters that he wanted more information about the hack.

“They won't tell us which county it was. Are you kidding me? Why would you not say something immediately?" he complained to the Tampa Bay Times.

Healthcare firm

Michigan’s Attorney General says that consumers may have had their addresses and Social Security numbers exposed in a breach targeting the Inmediata Health Group, a Puerto Rico-based firm that provides billing services to other healthcare companies. 

The company said it found no evidence that the data was saved by the hackers, but Michigan’s Department of Insurance and Financial Services is warning consumers to review their credit card statements.

“If suspicious activity is detected, it should be immediately reported to the individual’s financial institution,” state authorities said.

Unspecified company affecting 80 million consumers

Security researchers know that something was hacked. They’re just not sure what it was. An estimated 80 million households in the United States may have had their addresses, names, ages, income level, and other information exposed, according to new research by the firm vpnMentor.

The researchers told PC World they only know that the unencrypted data is hosted by a Microsoft cloud server. The victims are all over the age of 40 and the data seems “to itemize households rather than individuals,” the magazine says, suggesting that the hacking target was an insurance, healthcare, or mortgage company.

Internet infrastructure

A German firm that provides Internet infrastructure to major corporations is reportedly being blackmailed by a group of hackers who accessed sensitive company data.

In a statement to Motherboard, the firm Citycomp confirmed that they have “been hacked and blackmailed and the attack is ongoing.”

Take an Identity Theft Quiz. Get matched with an Authorized Partner.