I’m Lovin’ IT

I’m Lovin’ IT
Photo: Justin Sullivan, Getty Images

It’s not unusual for large companies to commit occasional data screw-ups, and McDonald’s, glorious provider of caloric excess to billions, is the most recent offender.

In recent days, the fast food franchise accidentally sent out emails containing login information related to a database for its Monopoly VIP game. The messages, sent to recent winners of the British version of its game for the purposes of prize redemption, could have potentially allowed recipients to pillage the database for sensitive information.

The McDonald’s Monopoly contest is a well-known sales promotion gimmick that allows customers to win prizes and money via codes found on purchases. Essentially, when you buy a meal of some kind from a McDonald’s restaurant, you have a chance to win a prize (i.e., some money, a vacation, a hot tub, or whatever).

Bleeping Computer reports that the database in question could have potentially contained other winning prize codes, meaning that recipients could have hypothetically used them to cash unclaimed prizes (besides the one they had already won). It’s unclear how many people received these emails though at least one person, this guy, made a TikTok video about it. For reference, check out a screenshot of one of the emails below:

Screenshot: Lucas Ropek/Twitter/Troy Hunt Screenshot: Lucas Ropek/Twitter/Troy Hunt

The incident was brought to the public’s attention by Troy Hunt, Microsoft employee and blogger behind “Have I Been Pwned,” who was contacted by one of the people who received an email. “Never trust a clown to secure your connection strings,” Hunt appropriately tweeted, in explanation of the incident. He further commented that the company appeared to have since changed the exposed passwords, thus restricting access.

We reached out to the fast food franchise to get some clarity on the situation and will update this story if they get back to us.

To be sure, McDonald’s Monopoly has weathered much larger scandals than this. The American version of the sweepstakes game was the subject of an FBI probe in the early 2000s, with the feds discovering a large-scale conspiracy to defraud the contest via employees of a subcontracting firm that McDonald’s had hired to promote it. The scheme was the subject of a recent HBO documentary series, McMillions.

Nor is this the only data problem the Golden Arches has endured. Earlier this year, the company had a much broader IT issue: a data breach that exposed the personal information of an unknown amount of customers and employees in Taiwan and South Korea markets, as well as some corporate information in the U.S.