Particle.news

McDonald’s Patches AI Hiring Bot After 64 Million Records Exposed

Researchers drew attention to a default-password oversight that exposed applicant data at scale, leading McDonald’s to plug the breach within a day.

Overview

  • Independent researchers Ian Carroll and Sam Curry gained administrator access to McHire.com by using the outdated Paradox.ai test account credentials “123456.”
  • The flaw left as many as 64 million records—names, email addresses and phone numbers—vulnerable to potential phishing schemes.
  • McDonald’s instructed Paradox.ai to remediate the issue immediately and confirmed the vulnerability was resolved on the same day it was reported.
  • Paradox.ai has instituted a bug bounty program to identify and address future security gaps in its AI hiring platform.
  • McDonald’s has reinforced its cybersecurity protocols and pledged stricter oversight of third-party technology providers.