McDonald’s AI recruiting platform had a really embarrassing security flaw - and it left millions of users open to attack
techradar.com
- McDonald's recently introduced a new hiring platform called McHire
- It uses an AI-powered chatbot that collects resumes, CVs, and contact data
- Researchers managed to easily log into the backend and obtain all of the data stored by the AI
A third-party supply chain vulnerability exposed sensitive data on 64 million people who applied to work with McDonald’s, experts have claimed.
The company recently introduced a new AI-powered hiring platform, courtesy of partners Paradox.ai. Called McHire, it featured Olivia, an AI-powered chatbot that screens applicants, gathers their contact information, CVs and resumes, and makes them do a personality test.
The dedicated website, McHire.com, had a login link, which two security researchers - Ian Carroll and Sam Curry - used to log into the backend. They tried guessing the password, and after a first failed attempt (going with “admin” for both username and password fields), they succeeded ...
Copyright of this story solely belongs to techradar.com . To see the full text click HERE