If he's just triggering "Add to Cart" and the system responds with "Ice Cream Machine Broken" then it's relatively less harmful. As he says, it probably messes with their data. Unlikely that he's spending $18000 per minute.

Wouldn't he need to pay to actually place the order though?

Yes, another case of a little whitd lie to grab eyeballs. Drafting an order and placing an order are 2 distinct states of an order

Not on an internal API I wouldn't think - he's just spoofing that volume of orders from registers, as if customers had walked into all stores and all ordered the same ice cream simultaneously.

It's more like they ordered from mobile, but didn't checkin/pickup so they're not wasting food or $$.

> to clarify how this works: mcdonald's keeps track which locations have a broken machine, I'm merely querying for those - no order gets executed, no ice cream is actually wasted