McDonald’s AI hiring tool’s password ‘123456’ exposed data of 64M applicants

A security oversight in McDonald’s AI-powered hiring platform “McHire” was found exposing sensitive applicant data belonging to as many as 64 million job seekers. Discovered in late June 2025 by security researchers Ian Carroll and Sam Curry, the issue was a default admin login and an insecure direct object reference (IDOR) in an internal API that allowed access to applicants’ chat histories with ‘Olivia’, McHire’s automated recruiter bot.

“The McDonald’s breach confirms that even sophisticated AI systems can be compromised by elementary security oversights,” said Aditi Gupta, senior manager for professional services consulting at Black Duck. “The rush to deploy new technology must not compromise basic security principles. Organizations must prioritize fundamental security measures to ensure uncompromised trust in their software, especially for the increasingly regulated, AI-powered world.”

The flaws, discovered during a security review following Reddit users’ complaints about the bot’s “nonsensical answers,” were promptly resolved by McDonald’s and Paradox.ai (Olivia’s creator) upon disclosure.

According to a blog post by Carroll, McHire’s administrative interface for restaurant franchisees accepted the default username “123456” and password “123456.” Logging in with those credentials immediately granted access, not just to a test environment but to live administrative dashboards.

“Although the app tries to force single sign-on (SSO) for McDonald’s, there is a smaller link for ‘Paradox team members’ that caught our eye,” Carroll said. “Without much thought, we entered ‘123456’ as the password and were surprised to see we were immediately logged in!”

Once inside, the researchers additionally discovered an internal API endpoint that used a predictable numeric parameter to fetch applicant data. By simply decrementing the ID value, Carroll and Curry retrieved full applicant PII, including chat transcripts, contact info, and job-form data. This IDOR exploit exposed not just contact details but also timestamps, shift preferences, personality test outcomes, and even tokens that could impersonate candidates on McHire.
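The two weaknesses described above, a default credential and a record lookup keyed on a guessable ID with no ownership check, are both basic authorization failures. The following is an added illustration, not code from McHire, Paradox.ai or the researchers' blog: a toy applicant API with the IDOR-style lookup beside its hardened form (object-level authorization tied to the caller's franchise scope), plus an account store that refuses to create a login with a default or trivially weak password. All records, scopes, usernames and passwords in it are constructed for the example.

```python
"""Constructed example: object-level authorization and default-credential refusal.

Not the McHire or Paradox.ai implementation; every record and account here is made up.
"""
from dataclasses import dataclass
import hashlib
import hmac
import secrets

# Constructed sample data: applicant records keyed by a sequential integer ID.
# Each record belongs to one franchise ("scope"), which is what an admin
# account should be limited to.
APPLICANTS = {
    1001: {"scope": "franchise-A", "name": "Applicant One", "chat": "(transcript)"},
    1000: {"scope": "franchise-B", "name": "Applicant Two", "chat": "(transcript)"},
}


@dataclass
class Session:
    user: str
    scope: str  # the franchise this logged-in account may see


def fetch_applicant_vulnerable(session: Session, applicant_id: int):
    """Authentication only: any logged-in session can read any ID.

    This is the IDOR pattern. Walking the ID downwards returns other
    franchises' applicants because nothing ties the record to the caller.
    """
    return APPLICANTS.get(applicant_id)


def fetch_applicant_hardened(session: Session, applicant_id: int):
    """Authentication plus object-level authorization.

    The record must belong to the caller's scope. 'Missing' and 'not yours'
    return the same value so the endpoint does not leak which IDs exist.
    """
    record = APPLICANTS.get(applicant_id)
    if record is None or record["scope"] != session.scope:
        return None
    return record


# Constructed deny-list of default/placeholder passwords; a real deployment
# would use a breached-password check in addition to a minimum length.
DEFAULT_PASSWORDS = {"123456", "password", "admin", "changeme"}
MIN_PASSWORD_LENGTH = 12


def is_weak_password(password: str) -> bool:
    """True if the password is a known default or shorter than the minimum."""
    return password in DEFAULT_PASSWORDS or len(password) < MIN_PASSWORD_LENGTH


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


class AccountStore:
    """In-memory account store that refuses weak passwords at creation time."""

    def __init__(self) -> None:
        self._accounts: dict[str, tuple[bytes, bytes]] = {}

    def create(self, username: str, password: str) -> None:
        if is_weak_password(password):
            raise ValueError("refusing default or weak password for %r" % username)
        salt = secrets.token_bytes(16)
        self._accounts[username] = (salt, _hash_password(password, salt))

    def verify(self, username: str, password: str) -> bool:
        entry = self._accounts.get(username)
        if entry is None:
            return False
        salt, digest = entry
        # Constant-time comparison of the derived key.
        return hmac.compare_digest(digest, _hash_password(password, salt))


if __name__ == "__main__":
    admin_b = Session(user="franchise-b-admin", scope="franchise-B")
    print("vulnerable lookup of another franchise's record:",
          fetch_applicant_vulnerable(admin_b, 1001) is not None)
    print("hardened lookup of another franchise's record:",
          fetch_applicant_hardened(admin_b, 1001))
    store = AccountStore()
    print("'123456' accepted as a password:", not is_weak_password("123456"))
```

The hardened lookup changes one line of logic, but it is the line that matters: authorization is checked per object against the caller's scope, not once at login. Returning the same `None` for a nonexistent record and for a record outside the caller's scope also removes the existence oracle that sequential IDs otherwise create.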

“This incident is a prime example of what happens when organizations deploy technology without an understanding of how it works or how it can be operated by untrusted users,” Desired Effect CEO Evan Dornbush said. “With AI systems handling millions of sensitive data points, organizations must invest in understanding and mitigating pre-emergent threats, or they’ll find themselves playing catch-up, with their customers’ trust on the line.”

Following disclosure on June 30, 2025, Paradox.ai and McDonald’s acknowledged the vulnerability within the hour. By July 1, the default credentials were disabled and the endpoint was secured. Paradox.ai also pledged to conduct further security audits, Carroll noted in the blog post.
