An unlikely voice on cyber security, McDonald's Netherlands used its menu items as a cautionary tale about passwords.
On Change Your Password Day (February 1st), the fast-food chain highlighted data from Have I Been Pwned showing that 'bigmac' has appeared as a password in 110,922 data breaches. The campaign draws attention to how consumers habitually choose predictable passwords. They don't just use names of their pets or children, but also familiar brands and favorite products, which compromises their online security.
The rest of the McDonald's menu also appears frequently in compromised password databases: 'frenchfries' shows up 34,407 times, 'happymeal' 17,269 times, and 'mcnuggets' 2,219 times, with countless variations adding numbers or special characters. While cybersecurity experts have long warned against weak passwords, the persistence of these patterns suggests that awareness campaigns haven't translated into behavioral change. McDonald's used the occasion to encourage consumers to rethink their password strategies.
TREND BITE
As cyber threats escalate and data breaches multiply, the gap between knowing better and doing better remains stubbornly wide. By turning its own brand ubiquity into a teaching moment, McDonald's demonstrates how consumer-facing companies can step into educational roles that extend beyond their core business. When traditional security campaigns fail to change behavior, brands with cultural currency may prove more effective messengers. What everyday knowledge gap could your brand help close by leveraging what makes you familiar?
