Latest news with #Ian Carroll


TechCrunch
11-07-2025
- TechCrunch
AI chatbot's simple '123456' password risked exposing personal data of millions of McDonald's job applicants
Security researchers found that they could access the personal information of 64 million people who had applied for a job at McDonald's, in large part by logging into the company's AI job hiring chatbot with the username and password '123456.' Ian Carroll and Sam Curry wrote in a blog post that 'during a cursory security review of a few hours,' they found the password issue and another simple security vulnerability in an internal API, which allowed access to job applicants' past conversations with the chatbot, called McHire, supplied to McDonald's by The personal data seen by the researchers included applicants' names, email addresses, home addresses, and phone numbers. wrote in a blog post that it resolved the issues 'within a few hours' after the researchers' report, and that 'at no point was candidate information leaked online or made publicly available.' The researchers' findings were first reported by Wired.


Entrepreneur
10-07-2025
- Business
- Entrepreneur
McDonald's Job Applicants' Data Exposed to Hackers
Lax security measures on McDonald's AI-powered "McHire" site made the personal info of tens of millions of job-seekers vulnerable.

McDonald's job applicants are not lovin' it. Wired reports that the company site, built by AI software firm had security flaws that exposed the personal data of "tens of millions of McDonald's job-seekers."

The records of "Olivia," the chatbot that applicants interacted with, were easy for hackers to access, writes Wired. It was "as straightforward as guessing the username and password '123456.'" As many as 64 million records were left vulnerable, containing applicants' names, email addresses, and phone numbers.

The security weakness was made public by independent security researchers Ian Carroll and Sam Curry. Carroll told Wired that they were initially drawn to check out due to its "uniquely dystopian" hiring process. "So I started applying for a job, and then after 30 minutes, we had full access to virtually every application that's ever been made to McDonald's going back years," Carroll said.

Chief Legal Officer, Stephanie King, told Wired, "We do not take this matter lightly, even though it was resolved swiftly and effectively," adding, "We own this."

McDonald's released a statement, which read in part: "We're disappointed by this unacceptable vulnerability from a third-party provider, As soon as we learned of the issue, we mandated to remediate the issue immediately, and it was resolved on the same day it was reported to us."

Good thing the Hamburglar hadn't logged on that day.