Cyber Magazine reports:
McDonald’s job applicants had their personal information exposed when security researchers accessed 64 million records through basic password attacks on the McHire platform. The breach occurred through vulnerabilities in systems operated by AI software firm Paradox.ai, which provides chatbot technology to screen candidates for the fast-food chain.
Security researchers Ian Carroll and Sam Curry gained access to backend systems by guessing administrator credentials, including an account that used “123456” as both username and password. The attack exposed names, email addresses, phone numbers and IP addresses of people who had applied for positions at McDonald’s restaurants through the AI-powered recruitment system.
The incident affects one of multiple organisations using Paradox.ai’s recruitment technology, which employs a chatbot called Olivia to conduct initial job interviews. The breach demonstrates how third-party AI systems can create security risks for corporations handling applicant data.
Read more at Cyber Magazine.
