Get the latest tech news

McDonald’s AI Hiring Bot Exposed Millions of Applicants' Data to Hackers Using the Password ‘123456’


Basic security flaws left the personal info of tens of millions of McDonald’s job-seekers vulnerable on the “McHire” site built by AI software firm Paradox.ai.

Olivia is not, in fact, a human being, but instead an AI chatbot that screens applicants, asks for their contact information and resumé, directs them to a personality test, and occasionally makes them “ go insane ” by repeatedly misunderstanding their most basic questions. On Wednesday, security researchers Ian Carroll and Sam Curry revealed that they found simple methods to hack into the backend of the AI chatbot platform on McHire.com, McDonald's website that many of its franchisees use to handle job applications. Carroll and Curry, hackers with a longtrackrecord of independent security testing, discovered that simple web-based vulnerabilities—including guessing one laughably weak password—allowed them to access a Paradox.ai account and query the company's databases that held every McHire user's chats with Olivia.

Get the Android app

Or read this on Wired

Read more on:

Photo of Hackers

Hackers

Photo of McDonald’s

McDonald’s

Photo of data

data

Related news:

News photo

How Trump’s Policies Are Escalating Europe’s Data Sovereignty and Tech Independence Drive

News photo

Bitcoin Depot breach exposes data of nearly 27,000 crypto users

News photo

iMerit believes better-quality data, not more data, is the future of AI