McDonald's hit by a cyberattack: loyalty accounts used without customers' knowledge
On 21 May 2026, McDonald's France confirmed a credential-stuffing campaign that hijacked customer McDo+ loyalty accounts, with fraudsters draining accumulated points for free orders; no banking data was affected and the company launched a mass password reset.
- Victim
- McDonald's