McDonald's AI Hiring Bot Breach
Briefly

The AI-driven McDonald's hiring platform, McHire, suffered a major security breach when researchers accessed it using the weak password '123456'. Within 30 minutes, they gained full administrative access to an estimated 64 million applicant records, including personal information like names and emails. Paradox.ai, the company behind McHire, acknowledged the breach, clarifying that no malicious outside access occurred and only a small number of records were viewed for verification. They announced a bug bounty program in response, while McDonald's placed responsibility on Paradox.ai for the vulnerability.
Security researchers reported gaining full administrative access to McHire's applicant data within just 30 minutes, exposing 64 million records due to a basic password exploit.
McDonald's response emphasized that it was disappointed by a third-party vendor's unacceptable vulnerability, underlining its reliance on Paradox.ai for handling applicant data.
Read at App Developer Magazine