Olivia, an AI chatbot used by McDonald's to screen job applicants, has significant security vulnerabilities that were recently uncovered by researchers Ian Carroll and Sam Curry. They managed to exploit simple web-based flaws to access the backend of the Paradox.ai platform, revealing that records from every interaction with Olivia, including personal information of applicants, were exposed. This data breach potentially encompasses 64 million records. The situation raises concerns about the practices employed in modern hiring processes and the security of personal data in such systems.
Carroll and Curry discovered that simple web-based vulnerabilities, including guessing one laughably weak password, allowed them to access a Paradox.ai account and query the company's databases that held every McHire user's chats with Olivia.
Virtually any hacker could have accessed the records of every chat Olivia had ever had with McDonald's applicants, including all the personal information they shared in those conversations.
Carroll says he only discovered that appalling lack of security around applicants' information because he was intrigued by McDonald's decision to subject potential new hires to an AI chatbot screener.
The data appears to include as many as 64 million records, including applicants' names, email addresses, and phone numbers.