Cybersecurity researchers have discovered that they could have accessed the personal information of 64 million people who applied for jobs at McDonald’s. The issue was that a special chatbot had the login and password “123456.”
This was reported by Wired and TechCrunch.
Experts Ian Carroll and Sam Curry said that “during a superficial security check that lasted several hours,” they discovered a problem with the password, as well as another vulnerability in the internal API. This allowed access to the communication history of candidates with the McHire chatbot, designed for recruitment. It is provided to the restaurant chain by Paradox.ai.
Carroll and Curry were able to see personal data such as names, email addresses, home addresses, and phone numbers. In its blog, Paradox.ai stated that it resolved the issue “within hours” of receiving the researchers’ report. They assured that no personal information about candidates had been made publicly available or posted online.
