Particle.news

McDonald’s Secures AI Hiring Chatbot After 64 Million Applications Exposed

Paradox.ai has launched a bug bounty program to strengthen its hiring chatbot’s security.

Overview

  • On June 30, researchers Ian Carroll and Sam Curry reported that the McHire admin interface used default credentials “123456:123456” and contained an insecure direct object reference (IDOR) flaw.
  • The vulnerability allowed enumeration of lead_id values to retrieve full chat transcripts, session tokens and personal data from over 64 million job applications.
  • Paradox.ai patched the IDOR flaw and disabled the weak default credentials on the same day the issues were disclosed.
  • On July 9, Paradox.ai launched a bug bounty program and commenced a comprehensive systems review to guard against similar vulnerabilities.
  • McDonald’s now requires stricter third-party vendor security controls and regular audits for its AI-driven hiring platforms.
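
The IDOR described in the overview, shown as an added Python example that is not from the article or from Paradox.ai's code: a record lookup keyed only on lead_id, next to a version that also checks which tenant owns the record. The data model, the org_id tenant field, the sample records and every function name are assumptions made for illustration.

```python
# Added illustration; the data model and all names here are hypothetical.
from dataclasses import dataclass

@dataclass(frozen=True)
class Lead:
    lead_id: int
    org_id: str        # tenant (employer account) that owns the application
    transcript: str

@dataclass(frozen=True)
class Session:
    user: str
    org_id: str        # tenant the authenticated user belongs to

# Constructed sample records with sequential identifiers.
LEADS = {
    1001: Lead(1001, "org-a", "constructed transcript A"),
    1002: Lead(1002, "org-b", "constructed transcript B"),
    1003: Lead(1003, "org-a", "constructed transcript C"),
}

class NotFound(Exception):
    """Used for missing AND foreign records, so replies do not confirm ids."""

def get_lead_vulnerable(session: Session, lead_id: int) -> Lead:
    # IDOR: any authenticated session can read any record by its id.
    lead = LEADS.get(lead_id)
    if lead is None:
        raise NotFound(lead_id)
    return lead

def get_lead_hardened(session: Session, lead_id: int) -> Lead:
    # Object-level authorization: the record must belong to the caller's tenant.
    lead = LEADS.get(lead_id)
    if lead is None or lead.org_id != session.org_id:
        raise NotFound(lead_id)
    return lead

def readable_ids(fetch, session: Session, id_range) -> list[int]:
    """Regression check: which ids in id_range does this session get back?"""
    out = []
    for lead_id in id_range:
        try:
            out.append(fetch(session, lead_id).lead_id)
        except NotFound:
            pass
    return out
```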