Subj : McDonalds AI recruiting platform had a really embarrassing securi To : All From : TechnologyDaily Date : Thu Jul 10 2025 18:45:07 McDonalds AI recruiting platform had a really embarrassing security flaw - and it left millions of users open to attack Date: Thu, 10 Jul 2025 17:34:00 +0000 Description: Researchers logged into the backend of McHire with a "123456" password. FULL STORY ======================================================================McDonald 's recently introduced a new hiring platform called McHire It uses an AI-powered chatbot that collects resumes, CVs, and contact data Researchers managed to easily log into the backend and obtain all of the data stored by the AI A third-party supply chain vulnerability exposed sensitive data on 64 million people who applied to work with McDonalds, experts have claimed. The company recently introduced a new AI-powered hiring platform, courtesy of partners Paradox.ai. Called McHire, it featured Olivia, an AI-powered chatbot that screens applicants, gathers their contact information, CVs and resumes, and makes them do a personality test. The dedicated website, McHire.com, had a login link, which two security researchers - Ian Carroll and Sam Curry - used to log into the backend. They tried guessing the password, and after a first failed attempt (going with admin for both username and password fields), they succeeded on the second one - using 123456 in both fields. Plugging the hole Although it might come as a shock to some, Carroll told Wired easy-to-guess passwords such as this one are more common than youd think. Indeed, over the years, there were countless reports from security experts, warning about the use of passwords such as password, iloveyou, 123456, qwerty, and similar. Reaching the backend, they accessed all the data harvested by the platform, including personally identifiable information shared in CVs and resumes: names, email addresses, and phone numbers. In total, 64 million records were exposed. While stealing names, emails, and phone numbers might not sound like much, cybercriminals can use it to create highly convincing phishing attacks, especially knowing that the victims applied for a job at McDonalds at some point. This can lead to more destructive malware and ransomware attacks, identity theft , and even wire fraud. As soon as the discovery was made, Paradox was notified and quickly plugged the hole. The company told Wired that only a fraction of the records the researchers accessed contained personal information, and that the hole was not previously spotted by anyone else. You might also like Public database exposed 184 million credentials including Microsoft, Facebook, Snapchat, and government account logins Take a look at our guide to the best authenticator app We've rounded up the best password managers ====================================================================== Link to news story: https://www.techradar.com/pro/security/mcdonalds-ai-recruiting-platform-had-a- really-embarrassing-security-flaw-which-left-millions-of-users-open-to-attack --- Mystic BBS v1.12 A47 (Linux/64) * Origin: tqwNet Technology News (1337:1/100) .