McDonald’s AI Hiring System Cracked With “123456” Password: But No Job Seeker Data Was Leaked

Published 11 Jul 2025

Security researchers uncovered a vulnerability in McDonald’s AI hiring platform, McHire, but no candidate data was leaked or accessed by malicious actors, according to the company and its vendor, Paradox.ai.

On June 30, cybersecurity experts Ian Carroll and Sam Curry discovered the issue during an exploration of the McHire platform, which uses the AI chatbot “Olivia” to assist with job applications for 90% of McDonald’s franchises worldwide. The researchers used a test account with weak credentials—“123456”—to access backend data.

However, contrary to early reports, only five U.S.-based applicant records were viewed—and exclusively by the researchers. The data involved chat records, not full applicant profiles, and no sensitive personal information was exposed. There is no evidence that any data was leaked online or accessed by malicious actors.

“We want to be very clear that job-seekers were unaffected, and sensitive data fields remain protected in the system,” Paradox.ai said in a statement. “This incident impacted only one organization, and no other Paradox clients were affected.”

The researchers reported the vulnerability to Paradox.ai, which resolved the issue within hours, the same day. The company acknowledged the lapse and emphasized its commitment to security improvements, including the launch of a bug bounty program to catch similar issues in the future.

McDonald’s Australia confirmed it was aware of the situation and emphasized that the vulnerability was quickly remediated by the third-party vendor. “We’re disappointed by this unacceptable vulnerability from a third-party provider. As soon as we learned of the issue, we mandated Paradox.ai to remediate it immediately,” a spokesperson said.

While the vulnerability raised concerns about the security of AI-based hiring systems, experts note this case stands out because no actual breach or public data exposure occurred—a rare outcome in cybersecurity incidents.

“We take full responsibility,” said Stephanie King, Chief Legal Officer at Paradox.ai. “We do not take this matter lightly, even though it was resolved swiftly and effectively.”

The incident occurred as more companies adopt AI for hiring. Similar systems are used by Australian retailers Bunnings and Woolworths, raising questions about security across automated recruitment platforms.

Paradox.ai announced a bug bounty program to catch future vulnerabilities. The company emphasized that researchers only accessed seven records total, with five containing personal information.

Security experts warn that the breach demonstrates how rushed AI adoption often neglects basic cybersecurity measures. The failure involved elementary mistakes like default passwords and missing access controls that should never occur in systems handling sensitive data.