AI chatbot’s simple “123456” password was at risk of revealing personal data from millions of McDonald’s job seekers

Security researchers have found access to the personal information of 64 million people who applied for jobs at McDonald’s. This is largely by logging in to AI jobs, hiring chatbots with username and password “123456”.

Ian Carroll and Sam Curry I wrote it in a blog post “In a rough security review for a few hours,” they found a password issue and another issue. Simple security vulnerabilities With an internal API that allows job seekers access to past conversations with chatbots called Mchire provided to McDonald’s by Paradox.ai.

Personal data viewed by the researchers included the applicant’s name, email address, home address and telephone number.

Paradox.ai I wrote it in a blog post The problem was resolved “within hours” after the researcher’s report, and “the candidate information was either leaked online or not published.”

Researcher’s discoveries First reported by wired.