RE: LeoThread 2025-08-01 19:49

McDonald’s AI hiring bot exposed millions of applicants’ data to hackers who tried the password ‘123456’

On Wednesday, #security researchers Ian Carroll and Sam Curry revealed that they found simple methods to hack into the backend of the AI chatbot platform on #McHire.com, allowing them to access a Paradox.ai account and query the company's databases that held every McHire user's chats: 64 million records.

Carroll says: “ I started applying for a job, and then after 30 minutes, we had full access to virtually every application that's ever been made to McDonald's going back years.” He tried two of the most common sets of #login credentials: the username and password “admin," and “123456.” The second of those two tries worked. “It's more common than you'd think,” Carroll says. There appeared to be no #multifactor #authentication for that Paradox.ai login page.