Particle.news


McDonald’s Remediates AI Hiring Bot Flaw That Exposed 64 Million Applicant Records

Following fixes for default password and ID-enumeration flaws, Paradox.ai launched a bug bounty program to strengthen hiring chatbot security

Image: The front of a McDonald's restaurant.

Overview

  • Security researchers Ian Carroll and Sam Curry uncovered that a default “123456” admin password and an ID-enumeration vulnerability in Paradox.ai’s Olivia chatbot exposed up to 64 million applicant records, including names, emails and phone numbers.
  • McDonald’s mandated an immediate remediation on July 9 and confirmed that the critical vulnerabilities were patched within hours of notification.
  • Paradox.ai reported that no unauthorized parties beyond the two researchers accessed the exposed data and has instituted a bug bounty program to catch future security gaps.
  • Experts warn the breach highlights the growing risks of integrating AI-driven recruitment tools without stringent cybersecurity controls on third-party vendors.
  • McDonald’s said it remains committed to enforcing rigorous data-protection standards and holding all hiring platform providers to strict security protocols.
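The two weaknesses named in the overview, a default admin password and an ID-enumeration flaw, are both things a defender can test for before a researcher does. The following is an added example and is not code from the original page, from Paradox.ai or from McDonald's: it screens a set of constructed access-log lines (the `/api/applicants/<id>` path, client addresses and IDs are all invented) for a single client walking sequential record IDs, and screens a candidate admin password against a small deny-list of well-known defaults. The run length (`window=5`) and minimum length (12) thresholds are assumptions to be tuned per deployment.

```python
import re
from collections import defaultdict

# Constructed sample access-log lines: "<client-ip> <method> <path> <status>".
# The path, addresses and record IDs are invented for this example.
SAMPLE_LOG = """\
10.0.0.5 GET /api/applicants/64185742 200
10.0.0.5 GET /api/applicants/64185741 200
10.0.0.5 GET /api/applicants/64185740 200
10.0.0.5 GET /api/applicants/64185739 200
10.0.0.5 GET /api/applicants/64185738 200
10.0.0.5 GET /api/applicants/64185737 200
10.0.0.9 GET /api/applicants/12000431 200
10.0.0.9 GET /api/applicants/12000431 200
10.0.0.9 GET /api/applicants/12009999 200
10.0.0.12 GET /login 200
"""

LINE_RE = re.compile(r"^(?P<ip>\S+) (?P<method>\S+) (?P<path>\S+) (?P<status>\d{3})$")
# Hypothetical record endpoint; adjust to the application's real route.
ID_RE = re.compile(r"^/api/applicants/(?P<id>\d+)$")

# Constructed deny-list of vendor/default passwords, including the "123456" from the report.
DEFAULT_PASSWORDS = {"123456", "12345678", "password", "admin", "qwerty", "welcome"}


def parse_log(text):
    """Parse log text into dicts; lines that do not match the format are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            rec = m.groupdict()
            rec["status"] = int(rec["status"])
            records.append(rec)
    return records


def find_enumeration(records, window=5, max_step=1):
    """Return {client_ip: longest_run} for clients whose successive record-ID
    requests form a run of at least `window` IDs that differ by 1..max_step.
    A repeated identical ID (step 0) does not extend a run; a large jump breaks it."""
    per_client = defaultdict(list)
    for rec in records:
        if rec["status"] != 200:
            continue  # only successful reads indicate data actually returned
        m = ID_RE.match(rec["path"])
        if m:
            per_client[rec["ip"]].append(int(m.group("id")))

    flagged = {}
    for ip, ids in per_client.items():
        run = best = 1
        for prev, cur in zip(ids, ids[1:]):
            if 0 < abs(cur - prev) <= max_step:
                run += 1
                best = max(best, run)
            else:
                run = 1
        if best >= window:
            flagged[ip] = best
    return flagged


def is_weak_default_password(password, min_length=12):
    """True if the password is on the default deny-list or shorter than min_length
    (length threshold is an assumed policy value)."""
    return password.lower() in DEFAULT_PASSWORDS or len(password) < min_length


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print("enumeration suspects:", find_enumeration(recs))
    for candidate in ("123456", "correct horse battery staple"):
        print(candidate, "-> weak" if is_weak_default_password(candidate) else "-> ok")
```

In practice the enumeration check runs over a sliding time window per authenticated principal rather than per source address, and a hit should trigger both an alert and a review of whether the endpoint enforces object-level authorization; the password check belongs in the account-provisioning path so that a default credential can never be saved in the first place.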