A major data breach has exposed the personal information of McDonald’s job applicants after security researchers accessed 64 million records through weak administrator credentials on the McHire recruitment platform. The breach exploited vulnerabilities in systems operated by Paradox.ai, an AI software company that provides chatbot-based screening tools for McDonald’s hiring process.
Security researchers Ian Carroll and Sam Curry discovered they could access backend systems simply by guessing credentials, including an account where both the username and password were set to “123456.” This granted them access to sensitive information including applicants’ names, email addresses, phone numbers, and IP addresses.
McDonald’s is one of several organisations using Paradox.ai’s recruitment technology, powered by its chatbot “Olivia,” which conducts initial job interviews. The incident underscores the risks associated with third-party AI platforms handling sensitive data.
Weak Credentials Enabled Access
Carroll began investigating Paradox.ai after noticing complaints about its chatbot’s performance.
“It just felt uniquely dystopian compared to a normal hiring process, and that made me want to look deeper,” Carroll told Wired.
They discovered that the McHire admin panel, designed for restaurant franchise management, included a test franchise account protected by extremely weak default credentials.
McHire, operated by Paradox.ai and used by around 90% of McDonald’s franchisees, allows applicants to submit applications via a chatbot named Olivia. The system collects personal details such as names, email addresses, phone numbers, home addresses, availability, and requires applicants to complete a personality assessment.
During their exploration, Carroll and Curry initially tested the chatbot for prompt injection vulnerabilities but soon noticed an internal login link for Paradox.ai staff on the McHire website. After attempting basic credentials like “admin/admin” and “123456/123456,” they successfully logged in and gained administrator-level access to a test McDonald’s location on McHire—with no multifactor authentication in place.
“In about 30 minutes, we had access to nearly every McDonald’s job application going back years,” Carroll said.
They found that simply incrementing or decrementing the lead_id value in a request allowed them to access the full chat transcripts, session tokens, and sensitive personal data of other applicants who had previously applied — all without authorization.
This vulnerability is known as an Insecure Direct Object Reference (IDOR), where an application exposes internal object identifiers (like record numbers) but fails to verify whether the user is authorized to view the associated data.
“Within a few hours of casual security testing, we identified two major issues: the admin interface accepted default credentials (123456:123456) and an insecure direct object reference vulnerability allowed us to access applicant data at will,” Carroll explained in his writeup. “Together, these flaws allowed us — and potentially anyone with access — to retrieve sensitive information belonging to more than 64 million applicants.”
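The two halves of the IDOR pattern described above, as an added illustration that is not code from the researchers’ writeup or from Paradox.ai: a lookup keyed only by a sequential record id, beside the same lookup with an ownership check, plus a simple log heuristic that flags a session walking consecutive ids. The record store, the `/api/lead/<id>` path, the log format and the threshold are all constructed assumptions.

```python
"""Illustrative IDOR (insecure direct object reference) and its fix.

Hypothetical data model and endpoint; not the McHire/Paradox.ai code.
"""
import re
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Lead:
    lead_id: int
    owner_email: str   # the applicant whose chat session this record belongs to
    transcript: str


# Constructed sample records standing in for a recruitment backend's store.
LEADS = {
    1001: Lead(1001, "alice@example.com", "Olivia: Hi Alice, thanks for applying ..."),
    1002: Lead(1002, "bob@example.com", "Olivia: Hi Bob, thanks for applying ..."),
    1003: Lead(1003, "carol@example.com", "Olivia: Hi Carol, thanks for applying ..."),
}


class Forbidden(Exception):
    """Raised when a requester may not see the record (or it does not exist)."""


def get_lead_vulnerable(requester_email: str, lead_id: int) -> Lead:
    """Returns whatever record the id names; the requester identity is ignored.

    Any authenticated user can read any applicant's record by changing the id.
    """
    return LEADS[lead_id]


def get_lead_fixed(requester_email: str, lead_id: int) -> Lead:
    """Looks up the record, then verifies that the requester owns it."""
    lead = LEADS.get(lead_id)
    if lead is None or lead.owner_email != requester_email:
        # One response for both "missing" and "someone else's" so the id space
        # cannot be mapped by distinguishing 404 from 403.
        raise Forbidden("not found or not authorised")
    return lead


def accessible_ids(fetch, requester_email: str, start: int, stop: int) -> list[int]:
    """Regression-test helper: which ids in [start, stop) does fetch() hand to this user?

    For the fixed lookup a non-owner must get back only their own record.
    """
    got = []
    for lead_id in range(start, stop):
        try:
            got.append(fetch(requester_email, lead_id).lead_id)
        except (KeyError, Forbidden):
            pass
    return got


# Constructed access-log lines in an assumed format: session id, path, status.
SAMPLE_LOG = [
    "2025-06-30T10:00:01 session=s1 GET /api/lead/1001 200",
    "2025-06-30T10:00:02 session=s1 GET /api/lead/1002 200",
    "2025-06-30T10:00:03 session=s1 GET /api/lead/1003 200",
    "2025-06-30T10:00:04 session=s1 GET /api/lead/1004 200",
    "2025-06-30T10:00:05 session=s1 GET /api/lead/1005 200",
    "2025-06-30T10:00:06 session=s1 GET /api/lead/1006 200",
    "2025-06-30T10:01:00 session=s2 GET /api/lead/1002 200",
    "2025-06-30T10:01:30 session=s2 GET /api/lead/1002 200",
]
LOG_RE = re.compile(r"session=(\S+) GET /api/lead/(\d+) (\d{3})")


def sessions_walking_ids(log_lines, min_ids: int = 5) -> list[str]:
    """Flag sessions that successfully read at least min_ids strictly consecutive ids.

    The threshold and the strict step-of-one rule are assumptions; a production
    detection would tune both against normal traffic.
    """
    by_session: dict[str, set[int]] = defaultdict(set)
    for line in log_lines:
        m = LOG_RE.search(line)
        if m and m.group(3) == "200":
            by_session[m.group(1)].add(int(m.group(2)))
    flagged = []
    for session, ids in by_session.items():
        ordered = sorted(ids)
        consecutive = all(b - a == 1 for a, b in zip(ordered, ordered[1:]))
        if len(ordered) >= min_ids and consecutive:
            flagged.append(session)
    return sorted(flagged)


if __name__ == "__main__":
    print("vulnerable:", accessible_ids(get_lead_vulnerable, "alice@example.com", 1000, 1005))
    print("fixed:     ", accessible_ids(get_lead_fixed, "alice@example.com", 1000, 1005))
    print("flagged:   ", sessions_walking_ids(SAMPLE_LOG))
```

The ownership check belongs in the data-access layer, not in the UI: the researchers reached these records through the backend API, so hiding ids in the front end would not have helped. The log heuristic is a coarse after-the-fact signal; the fix is the authorization check.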
The researchers reported the issue to Paradox.ai and McDonald’s on June 30. McDonald’s responded quickly, acknowledging the report within an hour, and Paradox.ai promptly disabled the default credentials.
Paradox.ai Confirms Breach of Dormant Test Account
In a blog post, Paradox.ai acknowledged the incident, explaining that the compromised account was a dormant test account “not logged into since 2019 and should have been decommissioned.” The company said the account was accessed solely by the researchers and not by malicious actors.
Further investigation by the researchers revealed a second vulnerability: by manipulating applicant ID numbers, they could view other candidates’ records and chat logs. They ultimately accessed seven records, five of which contained personal information.
Paradox.ai emphasized that most chat records were not linked to individual candidates and that only one client—McDonald’s—was affected. The company confirmed no impact on other client systems.
McDonald’s and Security Risks Highlighted
McDonald’s placed the blame on its vendor, stating:
“We’re disappointed by this unacceptable vulnerability from a third-party provider, Paradox.ai. As soon as we learned of the issue, we required immediate remediation, which was completed the same day. We take cybersecurity seriously and will continue to hold our third-party providers to our standards for data protection.”
The breach poses significant risks: fraudsters could potentially exploit this data to impersonate McDonald’s recruiters and carry out payroll scams by requesting sensitive banking information from job seekers.
“This isn’t just about exposing résumés,” Sam Curry noted. “These are people actively waiting for communication from McDonald’s. The phishing risk would have been massive.”
Paradox.ai Implements New Security Measures
In response, Paradox.ai has rolled out new security measures including stronger password policies, patched API endpoints, and the launch of a bug bounty program. The company has also established a dedicated security contact channel.
Stephanie King, Paradox.ai’s Chief Legal Officer, stated:
“We take responsibility for this issue—full stop. Our clients and their candidates trust us, and we are committed to maintaining that trust.”
Paradox.ai continues to provide AI-powered recruitment solutions to organisations beyond McDonald’s, streamlining candidate screening, scheduling, and engagement through its chatbot platform.