Security researchers found that they could access the personal information of 64 million people who had applied for a job at McDonald’s, in large part by logging into the company’s AI job hiring chatbot with the username and password “123456.”
Ian Carroll and Sam Curry wrote in a blog post that “during a cursory security review of a few hours,” they found the password issue and another simple security vulnerability in an internal API, which allowed access to job applicants’ past conversations with the chatbot, called McHire, supplied to McDonald’s by Paradox.ai.
The personal data seen by the researchers included applicants’ names, email addresses, home addresses, and phone numbers.
Paradox.ai wrote in a blog post that it resolved the issues “within a few hours” after the researchers’ report, and that “at no point was candidate information leaked online or made publicly available.”
The researchers’ findings were first reported by Wired.
Tesla is nearly ready to start selling its electric vehicles in India, according to Bloomberg…
Precious metals enthusiast and entrepreneur Peter Schiff has been spotlighting silver’s recent momentum—and taking a…
The past 24 hours have witnessed bitcoin (BTC) record all-time highs (ATHs) again and again,…
A widely followed crypto analyst says that one rival of smart contract platform Solana (SOL)…
We made it to day four out of four, everyone. There are now just hours…
Tokenization is trending, not only on X. Kraken and Robinhood already allow their users to…