How McDonald’s AI Bot Exposed Millions of Peoples’ Data

McDonald’s AI hiring chatbot exposed 64 million job applications
A McDonald’s data breach exposes the data of 64 million job applicants after security researchers discover Paradox.ai’s weak password for its AI chatbot

As enterprises deploy increasingly sophisticated AI systems, security concerns about how those systems handle sensitive personal data continue to grow too.

Now in a massive data breach, McDonald’s job applicants had their personal information exposed through basic security flaws in an AI chatbot system used by the fast-food chain to screen candidates.

Security researchers Ian Carroll and Sam Curry discovered they could access 64 million records containing applicants’ names, email addresses and phone numbers by exploiting vulnerabilities in the McHire platform.

The system, built by AI software firm Paradox.ai, uses a chatbot called Olivia to conduct initial job interviews.

The researchers gained access to the backend systems using elementary techniques, including guessing that an administrator account used “123456” as both username and password.

What happened?

Ian, who has a track record of independent security testing, says he initially investigated the system after reading complaints about the chatbot's performance.

Ian Carroll, Security Researcher | Credit: X

“I just thought it was pretty uniquely dystopian compared to a normal hiring process, right? And that's what made me want to look into it more,” he tells WIRED.

“So I started applying for a job, and then after 30 minutes, we had full access to virtually every application that's ever been made to McDonald's going back years.”

The breach occurred when Ian and Sam attempted to test the chatbot for prompt injection vulnerabilities.

These attacks involve sending specific commands to large language models (LLMs) to bypass their safeguards.

When they could not find such flaws, they spotted a login link for Paradox.ai staff on the McHire website.


Ian attempted common login credentials, first trying “admin” for both username and password, then “123456”.

The second attempt succeeded, granting administrator access to a test McDonald's restaurant on McHire without multifactor authentication.

Paradox.ai’s CLO Stephanie King

Paradox.ai's Chief Legal Officer Stephanie King confirms the researchers’ findings: “We do not take this matter lightly, even though it was resolved swiftly and effectively. We own this.”

The company states in a blog post that the compromised test account “had not been logged into since 2019 and frankly, should have been decommissioned.”

Paradox.ai confirms the account “was not accessed by any third party” other than the security researchers.

McDonald’s shifting blame to third-party provider

Once inside the system, Ian and Sam discovered a second vulnerability.

They found they could manipulate applicant ID numbers to view other candidates’ chat logs and contact information.

The researchers accessed seven records in total, with five containing personal information of people who had interacted with the McHire site.

The exposed data included names, email addresses, phone numbers and IP addresses, though not Social Security numbers.
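The second flaw the researchers describe is a broken object-level authorization check: a record is selected by its ID alone, so any logged-in user can step through sequential IDs. The following is an added illustration, not Paradox.ai's code, showing that pattern beside the tenant-scoped lookup that closes it; the records, names and the `restaurant_id` field are all constructed.

```python
from dataclasses import dataclass

# Constructed sample data (not real McHire records): applicants keyed by a
# sequential ID, each belonging to one hiring location (tenant).
@dataclass(frozen=True)
class Applicant:
    applicant_id: int
    restaurant_id: str
    name: str
    email: str

APPLICANTS = {
    1001: Applicant(1001, "store-A", "Alice Example", "alice@example.invalid"),
    1002: Applicant(1002, "store-B", "Bob Example", "bob@example.invalid"),
    1003: Applicant(1003, "store-A", "Carol Example", "carol@example.invalid"),
}

@dataclass(frozen=True)
class Session:
    user: str
    restaurant_id: str  # the only location this login administers

class Forbidden(Exception):
    pass

def get_applicant_vulnerable(session: Session, applicant_id: int) -> Applicant:
    """Broken object-level authorization: the ID alone selects the record,
    so any authenticated user can read every applicant in the system."""
    return APPLICANTS[applicant_id]

def get_applicant_fixed(session: Session, applicant_id: int) -> Applicant:
    """Scope the lookup to the caller's tenant. A record outside the caller's
    restaurant is treated exactly like a missing one, so the response does
    not reveal which IDs exist elsewhere."""
    record = APPLICANTS.get(applicant_id)
    if record is None or record.restaurant_id != session.restaurant_id:
        raise Forbidden(f"applicant {applicant_id} not accessible to {session.user}")
    return record

def count_readable(session: Session, lookup, id_range) -> int:
    """Measure blast radius: how many records one login can read by walking
    a range of sequential IDs through the given lookup function."""
    readable = 0
    for applicant_id in id_range:
        try:
            lookup(session, applicant_id)
            readable += 1
        except (KeyError, Forbidden):
            pass
    return readable
```

With the tenant check in place, a single-restaurant login sees only its own two records instead of all three; the same scoping belongs on every endpoint that takes a record ID, including chat-log retrieval.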

Paradox.ai automates hiring with conversational AI, streamlining candidate screening, scheduling and engagement for enterprises

Paradox.ai notes that “the majority of the chat interaction records were not tied to a candidate in the system and did not include candidate personal information.”

Yet McDonald's places responsibility on its vendor: “We're disappointed by this unacceptable vulnerability from a third-party provider, Paradox.ai,” the company states.

“As soon as we learned of the issue, we mandated Paradox.ai to remediate the issue immediately and it was resolved on the same day it was reported to us.

“We take our commitment to cyber security seriously and will continue to hold our third-party providers accountable to meeting our standards of data protection.”

Phishing risks heightened by employment context

The employment context makes the data especially valuable for fraudsters who could impersonate McDonald's recruiters to request financial information for direct deposit setup.

Sam Curry, Security Researcher | Credit: Cybereason

Sam highlights the particular risks posed by the breach: “Had someone exploited this, the phishing risk would have actually been massive.

“It's not just people's personally identifiable information and résumé. It's that information for people who are looking for a job at McDonald's, people who are eager and waiting for emails back.

“If you wanted to do some sort of payroll scam, this is a good approach.”

The incident affects only one Paradox.ai client, with the company confirming that “our other client instances were not impacted.”

Paradox.ai provides AI-powered recruitment software to multiple organisations beyond McDonald’s.

In response to the breach, Paradox.ai has implemented new security measures including updated password requirements and API endpoint patches.

The company is also launching a bug bounty programme to identify future vulnerabilities and has established a dedicated security contact email.

“We take responsibility for this issue. Full stop,” King states.

“Our clients and their candidates place their trust in us, and we are committed to maintaining that trust.”
