Paradox.ai

開発者と提供者の両方の立場で関わったインシデント

インシデント 11792 Report
McDonald's McHire AI Recruitment Platform Reportedly Exposed Data of 64 Million Applicants via Default Login and API Vulnerability

2025-06-30

Researchers Ian Carroll and Sam Curry reported that McDonald's AI-powered hiring tool, McHire (using Paradox.ai's "Olivia" chatbot), could purportedly be accessed via default admin credentials and an insecure direct object reference in an internal API. The flaws allegedly allowed viewing of applicants' personally identifiable information and chat histories. McDonald's and Paradox reportedly patched the issues within a day of disclosure; Paradox stated only five records were accessed.

Related Entities

McDonald's

開発者と提供者の両方の立場で関わったインシデント

インシデント 1179
2 レポート
McDonald's McHire AI Recruitment Platform Reportedly Exposed Data of 64 Million Applicants via Default Login and API Vulnerability

McDonald's applicants

影響を受けたインシデント

インシデント 1179
2 レポート
McDonald's McHire AI Recruitment Platform Reportedly Exposed Data of 64 Million Applicants via Default Login and API Vulnerability

McHire

Incidents implicated systems

インシデント 1179
2 レポート
McDonald's McHire AI Recruitment Platform Reportedly Exposed Data of 64 Million Applicants via Default Login and API Vulnerability

Paradox.ai's Olivia chatbot

Incidents implicated systems

インシデント 1179
2 レポート
McDonald's McHire AI Recruitment Platform Reportedly Exposed Data of 64 Million Applicants via Default Login and API Vulnerability