McDonald’s Monopoly competition is back this month offering a chance to win expensive prizes, all for the price of a Big Mac.
Given you could become tens of thousands of dollars richer by simply going on a Macca’s run, McDonald’s Monopoly games have in the past been subject to cheating and a multimilliondollar scandal.
But for those who prefer to play fair, what are your chances of actually snaring a prize?
Prizes, prizes, prizes
To take part you need to buy certain McDonald’s food items that include peeloff Monopoly tickets. Each ticket has three different possible outcomes: an “Instant win”, a “Chance card” or a “Collect to win”.
Instant prizes are either a McDonald’s food item such as a burger, or a nonfood prize such as a movie ticket or a cash gift card, redeemed by entering the 12digit code on the ticket into a phone app.
A “Chance card” ticket also provides a 12digit code which, when entered into an app, provides another opportunity to nab an instant prize or a digital “Collect to win” ticket.
The “Collect to win” tickets are the real meat of the game, and yield the major prizes: sometimes a car or large amounts of money. To win one of these prizes, you need to collect all “Collect to win” tickets of the same colour, as you would playing the traditional Monopoly game.
For obvious reasons, McDonald’s doesn’t tell us much about how these tickets are distributed across Australia. But what it does tell us is the maximum number of prizes that can be awarded for each prize type.
Using some fairly basic numbercrunching, we can get a better picture of what our chances are of winning a shiny new car just by purchasing a Big Mac meal.
What the numbers reveal
This year, McDonald’s says 136,634,083 tickets will be distributed across the fastfood giant’s restaurants, and lists the maximum number of prizes available.
While we have no way of determining whether or not this maximum is reached, we can still get a general idea of our chances of winning a prize by using these values.
McDonald’s says there is a oneinfive chance of winning an instant prize, which could either be a food prize or a nonfood prize.

about 18 million tickets yield instant food prizes, which gives a roughly 13.2% chance of winning

about 11.8 million tickets yield instant nonfood prizes, which gives a roughly 8.7% chance of winning
Of course, 13.2% plus 8.7% gives a 21.9% chance of winning an instant prize, on average, which roughly agrees with the oneinfive that McDonald’s claims.
The Gambler’s Fallacy
It’s important not fall for the Gambler’s Fallacy when trying to collect instant win tickets. Collecting five tickets does not mean that one of them will always be an instant win ticket.
McDonald’s simply promises an average rate of an instant win, owing to the fact that about 20% of physical tickets include a prize of some sort.
There are 3,415,852 “Chance” tickets available, so you have roughly a 2.5% chance of getting a “Chance” ticket with your purchase.
McDonald’s says one in five, or 20%, of Chance tickets will result in an instant win. Working the numbers means you have a 0.5% chance of obtaining a Chance ticket that will also get you a prize, so it’s not a strategy you should be banking on.
The bigger prize tickets
While we know how many “Instant win” and “Chance” tickets there are, the details around the “Collect to win” part of the McDonald’s Monopoly game are more closely guarded.
Going by previous observations, it seems that for each “Collect to win” ticket colour, all but one of each set will likely by very commonly distributed. The final one, not so common.
In this year’s game there are two prizes available of a year of free fuel by collecting the three red tickets: The Strand, Fleet Street and Trafalgar Square.
So it’s entirely possible that the probability of finding that final red ticket in the set could be as low as 2 in 136 million.
If you are planning on trying to win one of the major “Collect to win” prizes, these are the odds we think you should be expecting, even if you have collected all but one of the tickets needed, based on the number of prizes avaailable:
1 in 136 million (one prize each)
 one year car rental
 A$10,000 room makeover voucher
1 in 68 million (two prizes each)
 A$5,000 travel gift card
 one year of free fuel
 car
1 in 45 million (three prizes each)
 ultimate gaming package
 home theatre
1 in 34 million (four prizes)
 BBQ set
1 in 17 million (eight prizes)
 A$1,000 shopping voucher
Can you hack the app?
Given each ticket has a 12digit code you can enter into the app to see if you’ve won a prize, a cheeky idea might be to enter random codes to see if you can guess a winning number.
There are several reasons why this is a waste of time (not least the fact that you need to present a physical copy of a ticket to collect a prize), but let’s also get some mathematical perspective.
Every ticket code consists of a combination of letters and numbers. There are 9 possible numbers (19, ignoring 0 so as not to confuse with the letter O) and 26 possible letters (AZ, capitals only) that can appear in a ticket code.
This means there are 35 possibilities for each of the 12 alphanumeric characters in a code. So how many possible 12character codes are there? We can calculate that with:
= 35 × 35 × 35 × 35 × 35 × 35 × 35 × 35 × 35 × 35 × 35 × 35
= 35^{12}
= 3,379,220,508,056,640,625
But there are only a maximum of 136,634,083 tickets in the game.
So the probability of entering a random 12digit code into the app and having it recognised as a valid ticket code is given by:
= 136,634,083/(35^{12})
= 0.00000000004
In other words, a 0.000000004% chance that you would have randomly picked a valid ticket code.
Cracking codes takes time
A number this small is hard to imagine, so let’s think of it another way. If you wanted to increases your chance of randomly picking a valid ticket code to roughly 4% (still a very slim chance!), you should be prepared to pick about 10^{11}, or 100 billion random 12character codes first.
If we assume that picking, entering and checking a code into the app only took you one second, then entering a hundred billion codes would take you about 3,180 years. The competition ends next month.
Incidentally, this is one of the reasons why websites and email services encourage you to choose passwords that are at least eight characters long, with a mixture of numbers, letters and special characters. It takes a long time for people with nefarious intentions to guess your password if it’s as long as a McDonald’s Monopoly ticket code, even if they get a computer to help them.
So what’s the best way to play?
If you remember that McDonald’s Monopoly is much like a regular lottery, you’ll be better off as you can relax and know that there’s next to no chance that you will win a major prize.
The instant win aspect is a nice bonus if you’re already planning on having a meal at McDonald’s, since it’s not all that unlikely that you could end up with some extra fries or a drink.
This article is republished from The Conversation under a Creative Commons license. Read the original article.
Comments
Well, while generally true, it's not actually strictly correct. Depending on the hashing algorithm, password complexity and whether or not you have a rainbow table available, brute forcing an 8 character password can take anywhere between less than an hour or two to a few months. Even 16 character passwords can be cracked in a few hours if they are alphanumeric only. Having alphanumeric characters and symbols just ensures your password is less likely to be brute forced.
It's worth noting that if a site has a password policy that enforces say, 1 capital letter and 1 number in a password, *and* restricts the maximum length, they're actually making accounts less secure due to that requirement, as any password that does not meet the requirement can be eliminated from the pool of possible passwords.
This is why it is 100% best to only ever put a sane minimum length (12 characters is about as low as you should safely go) but never set a maximum length or any other restrictions.
What you've said is true if the web site's database is hacked or otherwise leaked. That's not usually the scenario web sites are thinking of when they impose password complexity requirements. Rather they're more concerned with brute forcing the login form, where the attacker doesn't have access to the hash.
For cases where hashes are leaked, the rainbow table attacks are pretty easy to mitigate by using a salted password hashing algorithm. If you use N bits of salt, the attacker now needs 2^N rainbow tables. Combine this with algorithms that can tune the hashing cost (e.g. scrypt, PBKDF2, etc), and it can get expensive quite quickly.
"Sponsored Content"*
I dunno, the author is essentially saying 'don't bother playing' :D
Any publicity, they say.
I won two months of AnimeLab which was nice.
However long this goes for,the major prize winning dohickies won't be distributed until near the end of the promo.If the major prizes are claimed early,there's no need to continue trying is there?Wait til the end .
Or like what happened in the past all the top winning tickets during the '90s are simply stolen by an insider and given / sold to various nefarious and crime related friends!
https://www.thedailybeast.com/howanexcopriggedmcdonaldsmonopolygameandstolemillions
I believe that most of the times is rigged in one way or another because usually they have the big winners, heavily publicised, but I imagine that if there were truly only 2 winning stickers among millions, the likelihood of those tickets ending on a product whose consumer doesn't know about the promotion or care enough is quite high.
I remember when I was younger and more shameless I hanged around the public areas of the store and nabbed stickers for free fries from boxes abandoned without being checked. There was no shortage of them and that was only the jerks who leave their stuff on the tables rather than dumping it into the bins.
Join the discussion!
Comment Voting
Up Votes
Down Votes
Only logged in users may vote for comments!
Please log in or register to gain access to this feature.
Get Permalink