AI Chatbot Flaw At McDonald’s Hiring Platform Leads To Massive Data Leak

McDonald’s hiring platform “McHire” recently suffered a data breach, exposing personal details of over 60 million job applicants.

The leak stemmed from its AI-powered chatbot, Olivia, run by third-party vendor Paradox.ai.

Security researchers Ian Carroll and Sam Curry uncovered the flaw after Reddit users complained about the bot’s erratic behaviour.

Initially testing for prompt injection vulnerabilities, they eventually gained backend access by entering “123456” as both username and password on a Paradox team login page—bypassing any security checks.

This gave them access to unmasked personal data of all applicants. Paradox.ai has since acknowledged the breach and claimed to have fixed the issue.