US EditionMcDonald’s AI Hiring Bot Exposed Millions of Applicants’ Data to Hackers Who Tried the Password ‘123456’
UNITED STATES, JUL 11 – Security flaws in McDonald's AI hiring platform exposed data of 64 million applicants due to a weak password and API flaw, with fixes applied within a day, researchers said.
- On June 30, cybersecurity experts Ian Carroll and Sam Curry identified a security flaw in McDonald's AI-driven hiring system, McHire, which resulted in the exposure of personal information belonging to 64 million job seekers across the United States.
- The flaw stemmed from weak default admin credentials of '123456' used in McHire’s chatbot backend and an IDOR bug that allowed unauthorized data access.
- Researchers were able to access extensive conversation records, authentication tokens, and sensitive applicant information collected by Olivia, the AI chatbot responsible for screening 90 percent of job candidates at McDonald's franchises.
- Paradox.ai and McDonald's confirmed the issue, promptly disabled default credentials, deployed a fix the same day, and initiated a system review with plans for a bug bounty program.
- The breach highlights risks in AI hiring systems using weak security, prompting McDonald's and Paradox.ai to strengthen protections and enforce third-party accountability.
89 Articles
89 Articles
Some Americans who applied for McDonald's have their data at risk because the recruitment system had "123456"... as a password.
AI Chatbot for Hiring McDonald's Workers Exposed Millions of Applicants' Personal Data
Security researchers have uncovered glaring vulnerabilities in the "McHire" AI chatbot used by McDonald's to hire workers, potentially exposing the personal information of approximately 64 million job applicants. The post AI Chatbot for Hiring McDonald’s Workers Exposed Millions of Applicants’ Personal Data appeared first on Breitbart.
Last June, two cybersecurity researchers discovered that McDonald's chatbot recruitment platform, called Olivia/mChire, was protected by extremely weak standard credentials. Platform used by...
Two researchers managed to access personal data from people who applied for jobs at McDonald's . How? By using the password "123456," reports Wired. - So, I started applying for a job and after 30 minutes I had full access to pretty much every application made to McDonald's for several years, security researcher Ian Carrol told the magazine.
How to Recreate McDonald’s Favorites Without the Meat
On any given day, around 70 million people will eat at McDonald’s. To put that in perspective, that is more than twice the population of Texas, 30 million more than the entire population of Canada, and almost the same amount of people as there are living in the UK right now. To sum up: it’s a staggering amount. Jump to the recipes The globally-loved fast-food chain reels people in with its fast, relatively cheap, and filling food. People also l…
McDonald's Idiotic AI Hiring System Just Leaked Personal Data About Millions of Job Applicants
As large language models (LLMs) become ever more integrated into the platforms that define daily life, major flaws in the software's security capabilities are starting to show. McDonald's is among the growing list of companies that have quickly shoehorned LLM chatbots into their hiring systems, consequences be damned. Its Paradox.ai-built chatbot, which McDonald's calls a "virtual recruiting assistant," goes by the name Olivia. Olivia is more th…
Coverage Details
Bias Distribution
- 59% of the sources lean Left
To view factuality data please Upgrade to Premium
