McDonald’s is under significant scrutiny following a severe security breach that compromised sensitive data for approximately 64 million job applicants. Security researchers discovered a critical vulnerability in the AI-driven McHire platform, specifically tied to a weak default admin password, “123456.” This flaw allowed unrestricted access to applicant chat histories and personal information, including names, emails, and phone numbers. The breach was exposed in late June by Ian Carroll and Sam Curry, who found an insecure login labeled “Paradox team members.” Despite attempts to enforce security protocols, their guess of the default password granted access to real administrative dashboards. Experts emphasize that the incident underscores the importance of prioritizing fundamental security measures amidst the rapid deployment of AI technologies. Following the breach disclosure, both McDonald’s and Paradox.ai quickly addressed the vulnerability by disabling default credentials and securing the API.
Source link
