Techly NewsGet the app

Get the latest tech news

AI chatbot’s simple ‘123456’ password risked exposing personal data of millions of McDonald’s job applicants


Security researchers found two flaws in an AI-powered chatbot used by McDonald’s to interact with job applicants.

Security researchers found that they could access the personal information of 64 million people who had applied for a job at McDonald’s, in large part by logging into the company’s AI job hiring chatbot with the username and password “123456.” Ian Carroll and Sam Curry wrote in a blog post that “during a cursory security review of a few hours,” they found the password issue and another simple security vulnerability in an internal API, which allowed access to job applicants’ past conversations with the chatbot, called McHire, supplied to McDonald’s by Paradox.ai. Paradox.ai wrote in a blog post that it resolved the issues “within a few hours” after the researchers’ report, and that “at no point was candidate information leaked online or made publicly available.”

Get the Android app

Or read this on TechCrunch

Read more on:

Photo of McDonald

McDonald

Photo of Millions

Millions

Photo of Password

Password

Related news:

News photo

Millions of Cars Exposed to Remote Hacking via PerfektBlue Attack

News photo

TikTok investigated by European regulators over users' personal data being stored in China

News photo

The Columbia hack is a much bigger deal than Mamdani’s college application | A hacker has a list of millions of people by race. So why is the coverage about Zohran Mamdani

« "Not a clear-cut answer" whether Final Fantasy 17 will be turn-based, says Naoki Yoshida, following Clair Obscur's success
Today's Your Last Chance to Get AirPods Pro 2 for $149 and AirPods 4 for $89 in Prime Day Sales »