Like they say, nothing in life is free. But a recent software loophole discovered in McDonald’s promotion system allowed two software developers to get as many hamburgers they wanted, for absolutely free. In the world of cybersecurity, software vulnerabilities are sometimes exploited by hackers and bad actors to fulfill their bad, selfish motives. But it’s not necessarily the case all the time. There are bad people (black hat hackers), but there are also some good people (white hat hackers) in the cybersecurity industry whose aim is to make the online world a safer place.
So here we tell you what actually happened!
What is McDonald’s Promotion System?
First things first, you need to understand McDonald’s promotion system. It’s the same system that offers its customers rewards for their orders. Going by the report published in Vice, two German software developers dug deeper into the code behind McDonald’s promotion system. Soon, they discovered a vulnerability that would allow them to get pretty much anything from McDonald’s, without paying anything.
The duo attempted to experiment with the flaw in Berlin and successfully generated €17 voucher. This voucher was then used to place an online order. Bam! The order was placed and processed successfully! At first, the developers didn’t want to go to the store. But they went to the store eventually to explain the situation to the store manager.
To their surprise, the store manager did not find anything problematic with their order and suggested they should take their order. The duo then ordered 15 burgers from another McDonald’s store. Similar to their first order, this new order was also placed and processed successfully without any problem.
This time, however, the duo informed the manager about the situation and canceled the order before it could be prepared by the workers. In the end, these two developers established contact with McDonald’s customer support to inform them about this hack, which didn’t work for some reason. The publication that first reported the story then reached out to McDonald’s. However, the food chain didn’t acknowledge the problem.
Thankfully, the flaw was eventually fixed and both the developers were rewarded by McDonald’s for their discovery.