'123456' password exposed chats for 64 million McDonald’s job chatbot applications

A vulnerability in McHire, McDonald's chatbot job application platform, exposed the chats of more than 64 million job applications.

The chatbot's admin panel was protected by weak credentials: a login name of "123456" and a password of "123456".

#ParadoxAI #McHire #McDonalds #job #work #artificialintelligence #AI #password #passwords #security #cybersecurity #hackers #hacking

https://www.bleepingcomputer.com/news/security/123456-password-exposed-chats-for-64-million-mcdonalds-job-chatbot-applications/


Cybersecurity researchers discovered a vulnerability in McHire, McDonald's chatbot job application platform, that exposed the chats of more than 64 million job applications across the United States.

BleepingComputer
AI chatbot: Password 123456 grants access to McDonald's applicant data - Golem.de
https://glm.io/197944?n #McDonalds #Datenschutz #Bewerberdaten #McHire #Chatbot #Olivia
'123456' password exposed chats for 64 million McDonald’s job applicants

Cybersecurity researchers discovered a vulnerability in McHire, McDonald's chatbot job application platform, that exposed the chats of more than 64 million job applicants across the United States.

BleepingComputer

McDonald’s #AI #Hiring #Bot Exposed Millions of Applicants' Data to #Hackers Using the #Password ‘123456’

Basic #security flaws left the personal info of tens of millions of McDonald’s job-seekers #vulnerable on the “McHire” site built by #AI software firm Paradox.ai.
> just because they’re big doesn’t mean they can’t do something stupid
#paradoxai #mcdonalds #mchire #privacy #123456

https://www.wired.com/story/mcdonalds-ai-hiring-chat-bot-paradoxai/

McDonald’s AI Hiring Bot Exposed Millions of Applicants' Data to Hackers Using the Password ‘123456’

Basic security flaws left the personal info of tens of millions of McDonald’s job-seekers vulnerable on the “McHire” site built by AI software firm Paradox.ai.

WIRED
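🌗 Would you like an IDOR with your meal? 64 million McDonald's job application records leaked
➤ Default password and insecure API lead to large-scale leak of job applicant data
https://ian.sh/mcdonalds
Researchers found serious security vulnerabilities in McDonald's job application platform McHire, including logging in to the admin interface with a default password and accessing other applicants' personal data through an insecure API. The vulnerability meant that the personal information of more than 64 million job applicants, including names, contact details, application status and chat records, could have been exposed. Paradox.ai fixed the vulnerability quickly.
+ McDonald's actually used such a simple default password; it's simply unbelievable! Data security was not taken seriously at all.
+ This incident reminds us once again to be careful when providing personal data online, and companies must also strengthen their data protection measures.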
#資安漏洞 #資料外洩 #麥當勞 #McHire
Would you like an IDOR with that? Leaking 64 million McDonald’s job applications

When applying for a job at McDonald's, over 90% of franchises use "Olivia," an AI-powered chatbot. We discovered a vulnerability that could allow an attacker to access more than 64 million job applications. This data includes applicants' names, resumes, email addresses, phone numbers, and personality test results.
