McDonald’s exposed 64M hiring records

“Would you like a side of fries with that data exposure?”

I want to bring attention to this data exposure (which is different from a data breach, where data is stolen) to highlight that companies are often not properly testing systems that hold employee data, and that puts you, your friends, and your families at risk.

In this case, McDonald’s uses hiring software, more specifically an AI chatbot called “Olivia”, to screen applicants. Cybersecurity researchers identified a default login and an insecure password (“123456”) that let them easily access McDonald’s hiring software.

Luckily these researchers found the problems before a criminal. The researchers only accessed 6 employee records in their testing, but overall there were 64 million exposed hiring records, including applicants’ names, email addresses, and phone numbers.

After confirming the problems in the hiring software, the researchers privately disclosed the data exposure to McDonald’s and Paradox.ai (who created the hiring software). Paradox.ai quickly fixed the vulnerabilities in the software and confirmed that the researchers were the only ones to have discovered the hiring records.

Even though no criminals had used this vulnerability, the incident serves as a reminder: if companies don’t follow basic cybersecurity steps, personal info can be exposed. Not just large systems — even everyday tools can slip up.

Still, it’s a timely reminder: check how you share personal info and always stay cautious online.