McDonald's job chatbot exposed 64 million applicant chats due to '123456' password vulnerability
By
nan60
Summary
Cybersecurity researchers Ian Carroll and Sam Curry discovered a vulnerability in McHire, McDonald's chatbot job application platform powered by Paradox.ai. The flaw exposed chat data from over 64 million job applications across the United States. The breach occurred because the chatbot's admin panel used a test franchise protected by extremely weak credentials — login name "123456" and password "123456".
Key quotes
Cybersecurity researchers discovered a vulnerability in McHire, McDonald's chatbot job application platform, that exposed the chats of more than 64 million job applications across the United States.
The flaw was discovered by security researchers Ian Carroll and Sam Curry, who found that the ChatBot's admin panel utilized a test franchise that was protected by weak credentials of a login name '123456' and a password of '123456'.
McHire, powered by Paradox.ai
