McDonald’s AI hiring platform, McHire, exposed sensitive data from 64 million job applicants due to the use of the notoriously weak password “123456.” Security researchers Ian Carroll and Sam Curry accessed live admin dashboards and applicant records using default credentials, uncovering a flawed API that leaked resumes, contact info, and personality test results. Used by 90% of franchises, the Olivia chatbot handled hiring with minimal oversight. The breach highlights major concerns around AI, vendor accountability, and basic cybersecurity controls.
by rrollins
Recent Comments