Researchers uncovered a security flaw in McDonald’s app, revealing a significant data breach caused by an insecure single sign-on (SSO) mechanism. By following a less visible ‘Paradox team members’ link and using the simple password ‘123456’, they logged in effortlessly. From there they discovered an internal API endpoint whose parameters were predictable and could be used to access applicant data: a minor alteration of the record ID returned sensitive personally identifiable information (PII) belonging to other applicants, including chat transcripts, contact details, and job application data. Key information such as timestamps, shift preferences, and personality test outcomes was also exposed. The incident highlights the risks of deploying technology without a thorough understanding of its security posture and without adequate controls. Evan Dornbush, CEO of Desired Effect, emphasizes the necessity for organizations to invest in security awareness and threat mitigation strategies to protect sensitive data and maintain customer trust, especially in an era where AI systems handle vast amounts of personal information.
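The two weaknesses described above, a trivially guessable credential and an API that returns any applicant record for any sequential ID (an insecure direct object reference), are both authorization failures that are easy to show in code. The following is an added example written for this summary; it is not McDonald’s or Paradox code, and the record store, principals, field names and the common-password list are constructed for illustration. It places a lookup that only checks that the caller is authenticated next to one that also checks that the caller may read that specific record, and adds the password gate that would have refused ‘123456’ at account setup.

```python
"""Added illustration (not code from the article or the affected vendor):
an applicant lookup that only checks authentication, beside a hardened
lookup that enforces per-record authorization, plus a weak-password gate.
All data below is constructed sample data."""

from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Principal:
    """Who is calling the API. Roles here are hypothetical: applicant or recruiter."""
    user_id: str
    role: str


@dataclass(frozen=True)
class Applicant:
    """One applicant record; owner_user_id links it to the applicant's own login."""
    applicant_id: int
    owner_user_id: str
    name: str
    phone: str
    chat_transcript: str


# Constructed sample records with sequential IDs, the pattern that makes
# "change the ID by one" enumeration possible when authorization is missing.
APPLICANTS = {
    1001: Applicant(1001, "u-alice", "Alice Example", "555-0101", "Hi, I applied for the morning shift."),
    1002: Applicant(1002, "u-bob", "Bob Example", "555-0102", "Is weekend availability required?"),
}


class Forbidden(Exception):
    """Caller is not authenticated."""


class NotFound(Exception):
    """Record does not exist or the caller may not see it (same answer for both)."""


def get_applicant_insecure(caller: Optional[Principal], applicant_id: int) -> Applicant:
    """Mirrors the flaw: any authenticated caller can fetch any record by ID."""
    if caller is None:
        raise Forbidden("login required")
    record = APPLICANTS.get(applicant_id)
    if record is None:
        raise NotFound(applicant_id)
    return record  # no check that the caller is allowed to see this record


def _may_read(caller: Principal, record: Applicant) -> bool:
    """Authorization rule: recruiters see every record, applicants see only their own."""
    return caller.role == "recruiter" or caller.user_id == record.owner_user_id


def get_applicant_secure(caller: Optional[Principal], applicant_id: int) -> Applicant:
    """Hardened lookup: authentication, then per-object authorization."""
    if caller is None:
        raise Forbidden("login required")
    record = APPLICANTS.get(applicant_id)
    # Missing and unauthorized records get the same response so a caller
    # cannot confirm which IDs exist by probing for different error codes.
    if record is None or not _may_read(caller, record):
        raise NotFound(applicant_id)
    return record


# Constructed denylist; a real deployment would use a breached-password list.
COMMON_PASSWORDS = frozenset({"123456", "12345678", "password", "qwerty", "admin", "welcome"})


def password_acceptable(password: str, min_length: int = 12) -> bool:
    """Reject short or well-known passwords at account creation or reset."""
    return len(password) >= min_length and password.lower() not in COMMON_PASSWORDS


if __name__ == "__main__":
    bob = Principal("u-bob", "applicant")
    # Insecure path: Bob can read Alice's record just by changing the ID.
    print("insecure:", get_applicant_insecure(bob, 1001).name)
    # Secure path: the same request is refused.
    try:
        get_applicant_secure(bob, 1001)
    except NotFound:
        print("secure: record 1001 not visible to", bob.user_id)
    print("'123456' acceptable:", password_acceptable("123456"))
```

The ownership rule lives in one function so every endpoint that exposes applicant data can call it; the defect in the incident is not the sequential ID itself but the absence of that call. Returning the same error for “does not exist” and “not yours” is deliberate, since distinguishing the two would still let a caller map which IDs are valid.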