McDonald’s recently launched an AI-driven recruiting platform named McHire, featuring an AI chatbot designed to assist in the hiring process. However, researchers uncovered a significant security vulnerability that could leave sensitive user data at risk.

What Happened?

The McHire platform, powered by Paradox.ai and its chatbot Olivia, collects applicants’ resumes, CVs, and personal information. Unfortunately, two security researchers, Ian Carroll and Sam Curry, managed to access the backend of the site using an extremely common password: ‘123456’. This simple mistake opened the door to vast amounts of personal data.

Data Exposure Details

The vulnerability reportedly exposed the personal information of 64 million individuals who had previously applied to work at McDonald’s. The data accessible through the breach included:

  • Names
  • Email addresses
  • Phone numbers

While this exposure may not seem catastrophic, such information can be exploited to launch convincing phishing attacks, particularly ones aimed at job applicants.

The Aftermath

After this breach was discovered, Paradox was promptly notified and acted to secure the platform. The company asserted that only a small portion of the exposed records contained personal information. Nevertheless, the incident raises crucial questions about the security protocols in AI recruitment technologies.

