McDonald’s AI Hiring Bot Exposes 64 Millions Job Applicants In Major Data Breach - 1

Image by Erik Mclean, from Unsplash

McDonald’s AI Hiring Bot Exposes 64 Millions Job Applicants In Major Data Breach

  • Written by Kiara Fabbri Former Tech News Writer
  • Fact-Checked by Sarah Frazier Former Content Manager

The weak password on McDonald’s hiring chatbot exposed millions of job applicants’ data, raising serious concerns about AI, privacy, and digital security practices.

In a rush? Here are the quick facts:

  • McHire’s AI bot exposed over 64 million McDonald’s applicant records to hackers.
  • Hackers accessed data using the password “123456” on a Paradox.ai account.
  • Personal details like names, emails, and phone numbers were viewable.

A serious security flaw in McDonald’s hiring platform exposed millions of job applicants’ personal data using shockingly basic methods, as first reported by WIRED . The security issue was found on McHire.com, which allows candidates to interact with “Olivia,” the AI chatbot developed by Paradox.ai for candidate screening.

WIRED reports that security experts Ian Carroll and Sam Curry gained access to McHire’s backend system through the combination of the username and password “123456.” The researchers gained access to applicant information, including names, emails, phone numbers, and chat logs from more than 64 million records after entering the system.

“I just thought it was pretty uniquely dystopian compared to a normal hiring process,” said Carroll to WIRED. “So I started applying for a job, and then after 30 minutes, we had full access to virtually every application that’s ever been made to McDonald’s going back years,” Carroll added.

Paradox.ai confirmed the flaw in a statement and said only a small number of records contained personal data. The exposed account hadn’t been accessed since 2019 and lacked basic protections like multifactor authentication. “We do not take this matter lightly,” said Paradox.ai’s chief legal officer, Stephanie King, as reported by WIRED. “We own this,” he added.

WIRED reported that McDonald’s released a different statement, which pointed to Paradox.ai as the source of the problem and stated that the issue was fixed immediately. “We’re disappointed by this unacceptable vulnerability from a third-party provider,” the company said.

Carroll and Curry explained that the exposed data could be used to execute phishing attacks by impersonating McDonald’s HR staff, who would request sensitive financial information from applicants. The exposed data included non-sensitive information, but its context as minimum-wage job applications created potential risks for harm to applicants.

OpenAI To Release AI-Powered Web Browser Soon, Challenging Google Chrome - 2

Photo by Denny Müller on Unsplash

OpenAI To Release AI-Powered Web Browser Soon, Challenging Google Chrome

  • Written by Andrea Miliani Former Tech News Expert
  • Fact-Checked by Sarah Frazier Former Content Manager

OpenAI is reportedly developing an AI-powered web browser that could launch within the next few weeks. Sources familiar with the matter told Reuters that the AI company expects to compete with popular web browsers such as Google Chrome.

In a rush? Here are the quick facts:

  • OpenAI is developing an AI-powered web browser that could launch in a few weeks.
  • Anonymous sources told the news agency Reuters that the browser has been designed considering a ChatGPT-like interface.
  • If OpenAI users adopt the new browser, Google could face significant challenges in the advertising market.

According to Reuter’s exclusive report , three people familiar with the project confirmed that OpenAI is preparing to release a new web browser, powered by its proprietary AI technology, that could significantly change the consumer browsing experience.

The new product is also expected to help OpenAI collect more user data—one of the key factors behind Google’s dominance. If OpenAI’s 500 million weekly users adopt the new browser, the company could begin to challenge Google in the advertising market as well.

Chrome allows Alphabet—Google’s parent company—to target ads more efficiently and reinforces Google’s position as the default search engine. The web browser makes up for nearly three quarters of Google’s revenue. As part of a solution to its ongoing antitrust case against Google’s search monopoly, the U.S. government is considering forcing Alphabet to sell the web browser .

OpenAI’s potential as a search engine has already been acknowledged. In June 2024, Microsoft added the AI company to its competitor’s list for its potential threat in searches, news advertising, and AI offerings.

The anonymous sources explained OpenAI’s new browser is being designed considering a ChatGPT-like chat interface. While the product is part of the company’s broader expansion strategy, details on its functionality have not been disclosed. OpenAI declined to comment, and the sources were not authorized to speak publicly.

According to TechCrunch , in 2024, OpenAI had already explored the idea of building a browser in 2024 to compete directly with Chrome. The company has been testing strategies similar to Perplexity’s—seeking ways to collect user data without relying on Google as an intermediary, while also creating innovative user experiences.

OpenAI recently acquired the company io —co-founded by former Apple designer Jony Ive, a close friend of OpenAI CEO Sam Altman— for $6.5 billion, the company’s largest investments to date, to develop new AI devices.