Food and Beverage Business
General News

64 Million US McDonald’s Job Seekers’ Data Compromised in AI Hiring System Breach

64 Million US McDonald's Job Seekers' Data Compromised in AI Hiring System Breach AI hiring, background, color, cybersecurity, device, diabetic, Diet, Disease, dosing pens, employment, fat, hack, health, health care, Here’s a list of comma-separated tags based on the title: data breach, injectable pen, injection, injector, insulin injection, insulin pen, job seekers, level, lose, McDonald's, measuring tape, medical, medicament, medication, needle, Ozempic, risk, sugar, technology, therapy, treatment, Weight loss Food and Beverage Business

On July 9, Ian Carroll and Sam Curry reported a significant security breach involving the AI chatbot platform used by McDonald’s franchisees, known as McHire.com. This platform is pivotal in the hiring process for US-based locations.

The researchers successfully accessed a Paradox.ai account by exploiting the easily guessed password ‘123456’. This breach granted them entry to a comprehensive database containing chat logs between users and the AI chatbot, Olivia.

Alarmingly, the compromised data included information on 64 million individuals who had applied for positions at McDonald’s. This data encompassed names, email addresses, phone numbers, and home addresses.

“The McHire administration interface for restaurant owners accepted the default credentials 123456:123456, while an insecure direct object reference (IDOR) allowed us to access any contacts and chats we wanted,” Carroll detailed on his website.

“Jointly, these vulnerabilities enabled us and any user with McHire account access to retrieve the personal data of over 64 million applicants.”

In an effort to investigate the security lapses further, Carroll and Curry proceeded to apply for jobs at a local McDonald’s. During this process, they encountered a personality test. However, their application stalled, seemingly awaiting human review.

“We promptly began disclosing this issue upon recognizing its potential impact,” Carroll added.

“Regrettably, no public disclosure contacts existed, prompting us to reach out to random individuals via email. Paradox.ai’s security page only states that we should not worry about security!”

After some time, the Paradox.ai team engaged with the researchers, emphasizing their commitment to safeguarding both candidate and client data.

[Paradox.ai] promptly addressed the vulnerability and pledged to conduct further reviews to identify and mitigate any remaining security gaps,” Carroll noted in his conclusion.

Food Manufacture has reached out for comments from McDonald’s regarding this incident.

Aditi Gupta, senior manager of professional services consulting at Black Duck, commented on the breach, noting it exemplifies how “sophisticated AI systems can be compromised” due to oversights like weak passwords and inadequate monitoring.

“This incident highlights a systemic issue in how organizations approach security, particularly when implementing AI and automation solutions,” Gupta remarked.

“The rush to deploy new technology must not compromise fundamental security principles. Organizations need to prioritize essential security measures to maintain trust in their software, especially in an increasingly regulated, AI-driven world.”

Related posts

Dean Secures £4.9 Million Funding to Boost Export Business

FAB Team

Vinca and Kingsland Beverages Strengthen Partnership

FAB Team

Varun Beverages Set to Acquire Another Business in Africa

FAB Team