McDonald’s AI Chatbot Breach Exposes 64 Million Records

McDonald’s AI hiring chatbot exposed 64 million job applications
A McDonald’s data breach exposed the data of 64 million job applicants after security researchers discovered a weak administrator password on Paradox.ai’s AI chatbot platform

McDonald’s job applicants had their personal information exposed when security researchers reached 64 million records by guessing a default administrator password on the McHire platform. The breach occurred through vulnerabilities in systems operated by AI software firm Paradox.ai, which provides chatbot technology to screen candidates for the fast-food chain.

Security researchers Ian Carroll and Sam Curry gained access to backend systems by guessing administrator credentials, including an account that used “123456” as both username and password. The attack exposed names, email addresses, phone numbers and IP addresses of people who had applied for positions at McDonald's restaurants through the AI-powered recruitment system.

Ian Carroll, Security Researcher | Credit: X

McDonald’s is one of multiple organisations using Paradox.ai's recruitment technology, which employs a chatbot called Olivia to conduct initial job interviews. The breach demonstrates how third-party AI systems can create security risks for corporations handling applicant data.

Paradox.ai vulnerabilities discovered through login attempts

Ian, who has a track record of independent security testing, initially investigated the system after reading complaints about the chatbot’s performance. “I just thought it was pretty uniquely dystopian compared to a normal hiring process, right? And that’s what made me want to look into it more,” he told WIRED.

The breach occurred when Ian and Sam attempted to test the chatbot for prompt injection vulnerabilities. These attacks involve sending crafted inputs to large language models to bypass their safeguards. When they could not find such flaws, they spotted a login link for Paradox.ai staff on the McHire website.


Ian attempted common login credentials, first trying “admin” for both username and password, then “123456”. The second attempt succeeded, granting administrator access to a test McDonald’s restaurant on McHire without multifactor authentication.

“So I started applying for a job, and then after 30 minutes, we had full access to virtually every application that's ever been made to McDonald’s going back years,” he said.

Paradox.ai confirms test account compromise dating back to 2019

Paradox.ai stated in a blog post that the compromised test account “had not been logged into since 2019 and frankly, should have been decommissioned.” It also confirmed the account “was not accessed by any third party” other than the security researchers.

Once inside the system, Ian and Sam discovered a second vulnerability. They found that changing the applicant ID number in a request let them view other candidates’ chat logs and contact information, because the platform served any record whose ID was supplied. The researchers accessed seven records in total, with five containing personal information of people who had interacted with the McHire site.
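The applicant-ID flaw described above is an object-level authorisation failure: the record returned depended only on the ID in the request, not on who was asking. The following is an added illustration, not code from Paradox.ai or McDonald’s; the data model, session fields and threshold are assumptions. It places the unscoped lookup beside a scoped one and adds a simple detection hook for a session sweeping through many applicant IDs.

```python
"""Constructed model of the McHire applicant-ID flaw (assumed, not vendor code)."""
from dataclasses import dataclass, field

@dataclass
class Session:
    user_id: str
    client_instance: str            # tenant the account belongs to (e.g. one restaurant test instance)
    is_staff: bool = False
    fetched_ids: set = field(default_factory=set)

@dataclass
class Applicant:
    applicant_id: int
    owner_user_id: str
    client_instance: str
    chat_log: str
    contact: dict

DB: dict[int, Applicant] = {}

def add_applicant(owner_user_id, client_instance, chat_log, contact):
    applicant_id = len(DB) + 1      # sequential numeric IDs, the kind that can be altered in a request
    DB[applicant_id] = Applicant(applicant_id, owner_user_id, client_instance, chat_log, contact)
    return applicant_id

# Constructed sample data, not real applicant records.
A1 = add_applicant("alice", "mcd-test", "Hi Olivia, I'd like to apply", {"email": "alice@example.com"})
A2 = add_applicant("bob", "mcd-test", "When is the interview?", {"phone": "+1-555-0100"})
A3 = add_applicant("carol", "other-client", "Applying for shift lead", {"email": "carol@example.com"})

def get_applicant_vulnerable(session, applicant_id):
    """Returns whatever record the client names: the session is never consulted."""
    return DB.get(applicant_id)

def get_applicant_hardened(session, applicant_id):
    """Object-level authorisation: the record must belong to the caller, or the caller must be
    staff of the same client instance. Anything else is reported as not found, so a wrong ID
    reveals neither the record nor whether it exists. Random IDs alone would not be a fix."""
    rec = DB.get(applicant_id)
    if rec is None:
        return None
    if rec.owner_user_id == session.user_id:
        return rec
    if session.is_staff and rec.client_instance == session.client_instance:
        return rec
    return None

def flag_enumeration(session, applicant_id, threshold=20):
    """Detection hook: one session requesting far more distinct applicant IDs than any
    legitimate screening workflow needs is the signal to alert on."""
    session.fetched_ids.add(applicant_id)
    return len(session.fetched_ids) > threshold
```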

Sam Curry, Security Researcher | Credit: Cybereason

“The majority of the chat interaction records were not tied to a candidate in the system and did not include candidate personal information,” Paradox.ai added in its blog post. The incident affected only one Paradox.ai client, with the company confirming that “our other client instances were not impacted.”

McDonald’s placed responsibility on its vendor following the breach. “We’re disappointed by this unacceptable vulnerability from a third-party provider, Paradox.ai,” the company stated.

“As soon as we learned of the issue, we mandated Paradox.ai to remediate the issue immediately and it was resolved on the same day it was reported to us. We take our commitment to cyber security seriously and will continue to hold our third-party providers accountable to meeting our standards of data protection.”

The employment context makes the data valuable for fraudsters who could impersonate McDonald’s recruiters to request financial information for direct deposit setup. Sam highlights the risks posed by the breach: “Had someone exploited this, the phishing risk would have actually been massive.

Paradox.ai automates hiring with conversational AI, streamlining candidate screening, scheduling and engagement for enterprises

“It’s not just people’s personally identifiable information and résumé. It's that information for people who are looking for a job at McDonald's, people who are eager and waiting for emails back. If you wanted to do some sort of payroll scam, this is a good approach,” Sam states.

Paradox.ai implements security measures following McHire breach

In response to the breach, Paradox.ai has implemented new security measures including updated password requirements and API endpoint patches. The company is launching a bug bounty programme to identify future vulnerabilities and has established a dedicated security contact email.

Paradox.ai’s CLO Stephanie King

Paradox.ai provides AI-powered recruitment software to multiple organisations beyond McDonald’s. The company processes job applications through its chatbot system across various clients in the recruitment sector.

“We take responsibility for this issue. Full stop,” says Paradox.ai's Chief Legal Officer Stephanie King. “Our clients and their candidates place their trust in us, and we are committed to maintaining that trust.”
