McDonald’s AI Hiring Bot Exposed Millions of Applicants’ Data to Hackers Who Tried the Password ‘123456’

proper@lemmy.world

On Wednesday, security researchers Ian Carroll and Sam Curry revealed that they found simple methods to hack into the backend of the AI chatbot platform on McHire.com, McDonald's website that many of its franchisees use to handle job applications. Carroll and Curry, hackers with a long track record of independent security testing, discovered that simple web-based vulnerabilities—including guessing one laughably weak password—allowed them to access a Paradox.ai account and query the company's databases that held every McHire user's chats with Olivia. The data appears to include as many as 64 million records, including applicants' names, email addresses, and phone numbers.

The outlets headline tries make it sound like “scary hackers.”

jailelonmusk@sopuli.xyz

That sounds like the code an idiot would use for their luggage.

basiclemmon98@lemmy.dbzer0.com

Mcdonald's now owes all of those people a job position, imo.

lurch@sh.itjust.works

even the AI would have suggested a better one. (don't use passwords AI generated tho, because someone may be able to narrow down or recreate tge output one day.)

foobarrington@lemmy.world

That's amazing! I got the same combination on my luggage.

arigion@feddit.org

Me too. Who would think you would use something, noone would use.
Deception is key!

lime@feddit.nu

i mean it is literally a machine built to produce statistically likely text.

huppakee@feddit.nl

Theoretically that could mean it also knows what is statistically unlikely, but it will only tell you what is statistically the most likely statistically unlikely answer.

db0@lemmy.dbzer0.com

I came here to ensure this comment was posted

kbobabob@lemmy.dbzer0.com

Ok, but you'll need two more jobs to pay your bills.