AI chatbot’s easy ‘123456’ password risked exposing private knowledge of thousands and thousands of McDonald’s job candidates

Safety researchers discovered that they might entry the private data of 64 million individuals who had utilized for a job at McDonald’s, largely by logging into the corporate’s AI job hiring chatbot with the username and password “123456.”

Ian Carroll and Sam Curry wrote in a weblog submit that “throughout a cursory safety assessment of some hours,” they discovered the password subject and one other easy safety vulnerability in an inside API, which allowed entry to job candidates’ previous conversations with the chatbot, known as McHire, equipped to McDonald’s by Paradox.ai. 

The private knowledge seen by the researchers included candidates’ names, electronic mail addresses, residence addresses, and telephone numbers.

Paradox.ai wrote in a weblog submit that it resolved the problems “inside just a few hours” after the researchers’ report, and that “at no level was candidate data leaked on-line or made publicly accessible.”

The researchers’ findings have been first reported by Wired.