Categories: Tech & Ai

AI chatbot’s simple ‘123456’ password risked exposing personal data of millions of McDonald’s job applicants


Security researchers found that they could access the personal information of 64 million people who had applied for a job at McDonald’s, in large part by logging into the company’s AI job hiring chatbot with the username and password “123456.”

Ian Carroll and Sam Curry wrote in a blog post that “during a cursory security review of a few hours,” they found the password issue and another simple security vulnerability in an internal API, which allowed access to job applicants’ past conversations with the chatbot, called McHire, supplied to McDonald’s by Paradox.ai. 

The personal data seen by the researchers included applicants’ names, email addresses, home addresses, and phone numbers.

Paradox.ai wrote in a blog post that it resolved the issues “within a few hours” after the researchers’ report, and that “at no point was candidate information leaked online or made publicly available.”

The researchers’ findings were first reported by Wired.



Source link

Abigail Avery

Share
Published by
Abigail Avery

Recent Posts

Canary Files for US-Focused Crypto ETF

Canary Capital has made another crypto-related filing with the U.S. Securities and Exchange Commission (SEC).…

14 minutes ago

Warning for Windows Users: Global UpCrypter Phishing Attack is Expanding

Hackers are using fake voicemails and purchase orders to spread UpCrypter malware, giving them remote…

28 minutes ago

Eclipse shakes up executive ranks amid layoffs and app-first pivot

Eclipse Labs is burning its ships. Just weeks after its token launch, the L2 developer…

1 hour ago

Numeraire price jumps 40% as JPMorgan commits $500m to Numerai

Numeraire price is up 40% to near $12.40 after JPMorgan secured $500 million capacity in…

1 hour ago

Dead teen’s family files wrongful death suit against OpenAI, a first

The New York Times reported today on the death by suicide of California teenager Adam…

2 hours ago

Bitcoin and Ether ETFs Roar Back With $663 Million in Combined Inflows

Crypto exchange-traded funds (ETFs) snapped back to life on Monday, with ether ETFs attracting $444…

2 hours ago