McDonald's Faces Major Security Blunder with AI Hiring Platform Exposing Candidate Data

McDonald's has been criticized for serious security flaws in its AI hiring platform, potentially compromising data for millions of job applicants.

Overview

McDonald’s employs a hiring platform called McHire.com that utilizes AI for screening job applicants. This service includes a chatbot named Olivia, created by the AI firm Paradox.ai. It collects detailed applicant information, guides potential hires through personality assessments, and responds to standard queries about the company.

Security Flaws Revealed

Two security researchers, Ian Carroll and Sam Curry, uncovered astonishing security weaknesses in this platform, recently highlighted by Wired. The vulnerabilities could have allowed unauthorized access to sensitive conversations between Olivia and job candidates, putting personal data at risk.

Both Ian and Sam were able to exploit several critical security lapses on the backend of McHire.com. They managed to log into an administrative account using the painfully simple credentials “123456,” which gave them access to applicant chat logs that included names, emails, and phone numbers. Approximately 64 million records in total could have been compromised.

Carroll elaborates, “I just thought [McHire] was pretty uniquely dystopian compared to a normal hiring process, right? That’s what made me want to look into it more. I started applying for a job, and within 30 minutes, we had virtually complete access to every application ever made to McDonald’s.”

While the flaw has been rectified following the researchers’ findings, the incident illustrates how precarious personal data management can be and highlights the risks associated with AI-driven recruitment systems. Paradox.ai confirmed that no unauthorized access had occurred, and the issue was promptly addressed after being reported.

This incident serves as a stark reminder of the potential vulnerabilities in systems that handle personal data and emphasizes the need for stringent security measures in technology solutions.
