Security researchers have found access to the personal information of 64 million people who applied for jobs at McDonald's. This is largely by logging in to AI jobs, hiring chatbots with username and password “123456”.
Ian Carroll and Sam Curry wrote in a blog post that they discovered a password issue “in a rough security review for hours” and another simple security vulnerability in the internal API.
Personal data viewed by the researchers included the applicant's name, email address, home address and telephone number.
In a blog post, Paradox.ai solved the issue “within a few hours” after the researcher's report, writing that “the candidate information has either been leaked or not published online.”
The researcher's findings were first reported by wired.