Fast Food, Weak Passwords: McDonald’s AI Hiring Tool Exposed Millions of Applicants’ Data

Olivia, the AI chatbot McDonald’s uses to streamline job application processes, exposed an estimated 64 million chat logs containing applicants’ sensitive data.

When security researchers Ian Carroll and Sam Curry began poking around the systems behind McDonald’s AI hiring chatbot, they didn’t expect the security of the entire gateway to hinge upon one of the world’s most infamous passwords “123456,” but that’s exactly what they found.

In a case that raises serious questions about AI adoption and vendor oversight, Carroll and Curry uncovered a gaping security hole in Olivia, the AI chatbot McDonald’s and other major brands use to streamline job application processes. Built by HR tech firm Paradox.ai, the system exposed an estimated 64 million chat logs containing sensitive applicant data — all through a poorly secured admin panel protected by a laughably weak password.

“So I started ...