McDonald's AI Hiring Bot Exposed Millions of Applicants' Data to Hackers Who Tried the Password '123456
JUL 9, 2025 3:28 PM
IF YOU WANT a job at McDonalds today, theres a good chance you'll have to talk to Olivia. Olivia is not, in fact, a human being, but instead an AI chatbot that screens applicants, asks for their contact information and résumé, directs them to a personality test, and occasionally makes them go insane by repeatedly misunderstanding their most basic questions.
Until last week, the platform that runs the Olivia chatbot, built by artificial intelligence software firm Paradox.ai, also suffered from absurdly basic security flaws. As a result, virtually any hacker could have accessed the records of every chat Olivia had ever had with McDonald's applicantsincluding all the personal information they shared in those conversationswith tricks as straightforward as guessing the username and password 123456."
On Wednesday, security researchers Ian Carroll and Sam Curry revealed that they found simple methods to hack into the backend of the AI chatbot platform on McHire.com, McDonald's website that many of its franchisees use to handle job applications. Carroll and Curry, hackers with a long track record of independent security testing, discovered that simple web-based vulnerabilitiesincluding guessing one laughably weak passwordallowed them to access a Paradox.ai account and query the company's databases that held every McHire user's chats with Olivia. The data appears to include as many as 64 million records, including applicants' names, email addresses, and phone numbers.
Carroll says he only discovered that appalling lack of security around applicants' information because he was intrigued by McDonald's decision to subject potential new hires to an AI chatbot screener and personality test. I just thought it was pretty uniquely dystopian compared to a normal hiring process, right? And that's what made me want to look into it more, says Carroll. So I started applying for a job, and then after 30 minutes, we had full access to virtually every application that's ever been made to McDonald's going back years.
Snip
https://www.wired.com/story/mcdonalds-ai-hiring-chat-bot-paradoxai/