Security researchers found that they could access the personal information of 64 million people who had applied for a job at McDonald’s, in large part by logging into the company’s AI job hiring chatbot with the username and password “123456.”
Ian Carroll and Sam Curry wrote in a blog post that “during a cursory security review of a few hours,” they found the password issue and another simple security vulnerability in an internal API, which allowed access to job applicants’ past conversations with the chatbot, called McHire, supplied to McDonald’s by Paradox.ai.
The personal data seen by the researchers included applicants’ names, email addresses, home addresses, and phone numbers.
Paradox.ai wrote in a blog post that it resolved the issues “within a few hours” after the researchers’ report, and that “at no point was candidate information leaked online or made publicly available.”
The researchers’ findings were first reported by Wired.
Canary Capital has made another crypto-related filing with the U.S. Securities and Exchange Commission (SEC).…
Hackers are using fake voicemails and purchase orders to spread UpCrypter malware, giving them remote…
Eclipse Labs is burning its ships. Just weeks after its token launch, the L2 developer…
Numeraire price is up 40% to near $12.40 after JPMorgan secured $500 million capacity in…
The New York Times reported today on the death by suicide of California teenager Adam…
Crypto exchange-traded funds (ETFs) snapped back to life on Monday, with ether ETFs attracting $444…