A security oversight in McDonald’s AI-powered hiring platform “McHire” was found exposing sensitive applicant data belonging to as many as 64 million job seekers.
Discovered in late June 2025 by security researchers Ian Carroll and Sam Curry, the issue was a default admin login and an insecure direct object reference (IDOR) in an internal API that allowed access to applicants’ chat histories with ‘Olivia’, McHire’s automated recruiter bot.
“The McDonald’s breach confirms that even sophisticated AI systems can be compromised by elementary security oversights,” said Aditi Gupta, senior manager for professional services consulting at Black Duck. “The rush to deploy new technology must not compromise basic security principles. Organizations must prioritize fundamental security measures to ensure uncompromised trust in their software, especially for the increasingly regulated, AI-powered world.”
The flaws, discovered during a security review following Reddit users’ complaints about the bot’s “nonsensical answers,” were promptly resolved by McDonald’s and Paradox.ai (Olivia’s creator) upon disclosure.
Default logins and IDOR lead to massive leaks
According to a blog post by Carroll, McHire’s administrative interface for restaurant franchisees accepted the default username “123456” and password “123456.” Logging in with those credentials immediately granted access, not just to a test environment but to live administrative dashboards.
“Although the app tries to force single sign-on (SSO) for McDonald’s, there is a smaller link for ‘Paradox team members’ that caught our eye,” Carroll said. “Without much thought, we entered ‘123456’ as the password and were surprised to see we were immediately logged in!”
Once inside, the researchers also found an internal API endpoint that fetched applicant records by a predictable, sequential ID. By simply decrementing the ID value, Carroll and Curry retrieved full applicant PII, including chat transcripts, contact info, and job-form data. This IDOR exposed not just contact details but also timestamps, shift preferences, personality test outcomes, and even tokens that could be used to impersonate candidates on McHire.
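For readers who want to see the failure mode in code, the following is an added illustration written for this article, not Paradox's or McHire's code: a lead lookup that authenticates but never authorizes, sitting next to a hardened version that ties each record to the tenant of the logged-in user. The record fields, the `org-a`/`org-b` tenant IDs, the sample applicants and the function names are all constructed for the example.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional


@dataclass(frozen=True)
class Applicant:
    lead_id: int          # sequential, guessable identifier
    org_id: str           # client instance (franchise) that owns the record
    name: str
    phone: str
    transcript: str       # chat history with the recruiter bot


@dataclass(frozen=True)
class Session:
    user: str
    org_id: str           # tenant the logged-in user belongs to


# Constructed sample records for the example, not real applicant data.
APPLICANTS: Dict[int, Applicant] = {
    1000: Applicant(1000, "org-a", "Alice", "+1-555-0100", "Bot: Hi Alice, which shifts suit you?"),
    1001: Applicant(1001, "org-b", "Bob",   "+1-555-0101", "Bot: Hi Bob, which shifts suit you?"),
    1002: Applicant(1002, "org-a", "Carol", "+1-555-0102", "Bot: Hi Carol, which shifts suit you?"),
    1003: Applicant(1003, "org-c", "Dan",   "+1-555-0103", "Bot: Hi Dan, which shifts suit you?"),
    1004: Applicant(1004, "org-b", "Eve",   "+1-555-0104", "Bot: Hi Eve, which shifts suit you?"),
}


def get_lead_vulnerable(session: Session, lead_id: int) -> Optional[Applicant]:
    """IDOR: the caller is authenticated, but nothing checks that the
    caller's org owns the requested lead, so any valid ID is returned."""
    return APPLICANTS.get(lead_id)


def get_lead_hardened(session: Session, lead_id: int) -> Optional[Applicant]:
    """Object-level authorization: the lead must belong to the caller's org.
    Missing and forbidden both return None so the endpoint does not reveal
    which IDs exist to a caller who is not entitled to them."""
    applicant = APPLICANTS.get(lead_id)
    if applicant is None or applicant.org_id != session.org_id:
        return None
    return applicant


Fetcher = Callable[[Session, int], Optional[Applicant]]


def walk_ids(fetch: Fetcher, session: Session, start: int, count: int) -> List[int]:
    """Decrement from `start`, the way a tester probes an IDOR, and return
    the lead IDs the endpoint hands back to this session."""
    return [
        lid for lid in range(start, start - count, -1)
        if fetch(session, lid) is not None
    ]


def looks_like_enumeration(requested_ids: List[int], min_run: int = 5) -> bool:
    """Detection heuristic for the server side: one session requesting a run
    of consecutive IDs (ascending or descending) is the signature of a sweep."""
    if len(requested_ids) < min_run:
        return False
    steps = {b - a for a, b in zip(requested_ids, requested_ids[1:])}
    return steps == {1} or steps == {-1}


if __name__ == "__main__":
    tester = Session("franchise-tester", "org-a")
    sweep = list(range(1004, 999, -1))
    print("vulnerable endpoint returns:", walk_ids(get_lead_vulnerable, tester, 1004, 5))
    print("hardened endpoint returns:  ", walk_ids(get_lead_hardened, tester, 1004, 5))
    print("sweep flagged:", looks_like_enumeration(sweep))
```

With the hardened lookup, the same org-a session that could pull all five records from the vulnerable endpoint gets back only the two leads its own tenant owns; the enumeration check is the kind of signal a logging pipeline can raise when one account walks IDs in sequence.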
“This incident is a prime example of what happens when organizations deploy technology without an understanding of how it works or how it can be operated by untrusted users,” Desired Effect CEO Evan Dornbush said. “With AI systems handling millions of sensitive data points, organizations must invest in understanding and mitigating pre-emergent threats, or they’ll find themselves playing catch-up, with their customers’ trust on the line.”
Rapid patching saved the day
Following disclosure on June 30, 2025, Paradox.ai and McDonald’s acknowledged the vulnerability within the hour. By July 1, default credentials were disabled and the endpoint was secured. Paradox.ai also pledged to conduct further security audits, Carroll noted in the blog.
“Even though there’s no indication the data has been used maliciously yet, the scale and sensitivity of the exposure could fuel targeted phishing, smishing/vishing, and even social engineering campaigns,” said Randolph Barr, chief information security officer at Cequence Security. “Combined with AI tooling, attackers could craft incredibly personalized and convincing threats.”
McDonald’s did not immediately respond to queries sent by CSO.
Paradox later posted its version of events to its website, saying that the security researchers were able to log into a Paradox test account related to a single Paradox client instance using a legacy password.
“We are confident that, based on our records, this test account was not accessed by any third party other than the security researchers,” Paradox staff wrote, emphasizing, “at no point was candidate information leaked online or made publicly available. Five candidates in total had information viewed because of this incident, and it was only viewed by the security researchers. This incident impacted one organization — no other Paradox clients were impacted.”
Cybersecurity lapses are becoming increasingly common in recruitment environments, likely due to a focus on speed, automation, and scale at the expense of security. Earlier this week, online applicant tracking platform TalentHook was found leaking almost 26 million PII files through a misconfigured Azure Blob storage container.
Emphasizing the need to bring hiring workflows into mainstream cybersecurity, Kobi Nissan, Co-founder and CEO at MineOS, said, “Any AI system that collects or processes personal data must be subject to the same privacy, security, and access controls as core business systems. That means authentication, auditability, and integration into broader risk workflows, not siloed deployments that fly under the radar.”