Security researchers discovered vulnerabilities in McDonald's job hiring chatbot that gave them access to the personal information of 64 million applicants. The problem was largely attributed to the easy-to-guess password '123456'. The researchers also found weaknesses in an internal API that allowed them to view job applicants' past conversations with the chatbot, called McHire. The accessible personal details included names, email addresses, home addresses, and phone numbers. Paradox.ai, which provides the chatbot, resolved these issues shortly after being alerted and claimed no data was leaked online.
During a cursory security review of a few hours, researchers Ian Carroll and Sam Curry found significant vulnerabilities in McDonald's AI job hiring chatbot. They accessed personal information of 64 million job applicants.
The personal data accessed included names, email addresses, home addresses, and phone numbers, highlighting serious security flaws in the chatbot provided by Paradox.ai.
Paradox.ai asserted that it resolved the identified issues within hours of the report and that candidate information was never leaked online.
The simple password '123456' was a major factor that allowed unauthorized access to the sensitive personal information of millions of job applicants.