McHire

Incidents implicated systems

Incident 11792 Rapports
McDonald's McHire AI Recruitment Platform Reportedly Exposed Data of 64 Million Applicants via Default Login and API Vulnerability

2025-06-30

Researchers Ian Carroll and Sam Curry reported that McDonald's AI-powered hiring tool, McHire (using Paradox.ai's "Olivia" chatbot), could purportedly be accessed via default admin credentials and an insecure direct object reference in an internal API. The flaws allegedly allowed viewing of applicants' personally identifiable information and chat histories. McDonald's and Paradox reportedly patched the issues within a day of disclosure; Paradox stated only five records were accessed.

Related Entities

McDonald's

Incidents impliqués en tant que développeur et déployeur

Incident 1179
2 Report
McDonald's McHire AI Recruitment Platform Reportedly Exposed Data of 64 Million Applicants via Default Login and API Vulnerability

Paradox.ai

Incidents impliqués en tant que développeur et déployeur

Incident 1179
2 Report
McDonald's McHire AI Recruitment Platform Reportedly Exposed Data of 64 Million Applicants via Default Login and API Vulnerability

McDonald's applicants

Affecté par des incidents

Incident 1179
2 Report
McDonald's McHire AI Recruitment Platform Reportedly Exposed Data of 64 Million Applicants via Default Login and API Vulnerability

Paradox.ai's Olivia chatbot

Incidents implicated systems

Incident 1179
2 Report
McDonald's McHire AI Recruitment Platform Reportedly Exposed Data of 64 Million Applicants via Default Login and API Vulnerability