MENU
  • Loading ...
  • Loading ...

Accommodation Port Macquarie

Latest News Accommodation Port Macquarie

Are you looking for a holiday? Get special deals.

 

McDonald's AI hiring chatbot exposed data of job candidates

20 Jul 2025 By foxnews

McDonald's AI hiring chatbot exposed data of job candidates

Many companies now rely on AI to handle parts of the hiring process. Bots screen resumes, filter candidates, and manage preliminary communication before a human steps in. McDonald's utilizes an AI-powered hiring platform called McHire, which is powered by Paradox.ai's chatbot, Olivia, to streamline its recruitment process.

While AI brings convenience, it also comes with data privacy risks. This became clear when two security researchers responsibly disclosed a critical vulnerability that exposed a small number of candidate records, despite some early reports suggesting a much larger breach.

 Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you'll get instant access to my Ultimate Scam Survival Guide - free when you join my CYBERGUY.COM/NEWSLETTER

HOW AI CHATBOTS ARE HELPING HACKERS TARGET YOUR BANKING ACCOUNTS

On June 30, 2025, security researchers Ian Carroll and Sam Curry discovered a vulnerability in a Paradox.ai test account related to a single client instance, which serves McDonald's. Using weak, outdated credentials, they accessed a testing portal and discovered an unauthenticated API endpoint tied to chat interaction records.

They retrieved seven chat logs, five of which included U.S.-based candidate information such as:

The remaining two records did not include any personal data. Notably, no full job applications, Social Security numbers, or financial information were exposed, and sensitive fields remained protected.

Paradox.ai responded swiftly, disabling the test account immediately and patching the exposed endpoint within hours of notification. In a public statement, the company confirmed that only five candidate records containing personal information were accessed, and only by the two researchers who ethically disclosed the issue.

The company claims the incident impacted only one Paradox client, believed to be McDonald's, and no other Paradox.ai clients or systems were affected. There is no evidence of malicious access or that any data was ever leaked or made publicly available. The company went on to say that, "We are confident that, based on our records, this test account was not accessed by any third party other than the security researchers."

WHAT IS ARTIFICIAL INTELLIGENCE (AI)?

Paradox.ai admitted the test account, set up before 2019, should have been decommissioned, and that legacy credentials no longer met current password standards. In response to the incident, the company has:

In response, McDonald's issued a statement:

"We're disappointed by this unacceptable vulnerability from a third-party provider, Paradox.ai. As soon as we learned of the issue, we mandated Paradox.ai to remediate the issue immediately, and it was resolved on the same day it was reported to us. We take our commitment to cyber security seriously and will continue to hold our third-party providers accountable to meeting our standards of data protection."

Early reports suggested that the vulnerability could have exposed up to 64 million job applications. However, researchers never confirmed this number and Paradox.ai's investigation did not find any indication that large-scale data scraping occurred. The only records accessed were the seven chat samples pulled by the researchers to verify the issue.

We reached out to Paradox.ai, and a rep told us: "Our public post should serve as Paradox's official statement. It provides context, as well as some clarification of inaccuracies published in other media."  Consistent with their statement, Paradox.ai emphasized that only five candidate records containing personal information were accessed by the security researchers, and there is no evidence of a mass breach or any data being made public.

While the underlying vulnerability was real, only a very limited scope of data was actually accessed, thanks to the actions of the researchers and the vendor's rapid response.

While the researchers accessed personal information in five records, there is no evidence that attackers ever exploited this data. However, hypothetically, such data could be used for various scams, such as:

The nature of the exposed data makes it sensitive, even if the scope was limited.

GET FOX BUSINESS ON THE GO BY CLICKING HERE

The McHire breach shows how easily personal information can be exposed when AI tools collect job application data. These six steps can help you protect your information before, during, and after applying.

Only share the information needed to complete the application. Do not provide sensitive details like your Social Security Number, bank account information, or full home address unless you are certain the platform is legitimate and secure.

An alias email address is an additional email address that can be used to receive emails in the same mailbox as the primary email address. It acts as a forwarding address, directing emails to the primary email address. It also keeps your job search organized, helps you spot scams quickly, and reduces the damage if a company mishandles your data.

See my review of best secure and private email services at Cyberguy.com/Mail

Before you fill out any forms, check that the website URL begins with https:// and that the site looks secure and professional. Avoid platforms or bots that ask vague or repetitive questions or redirect you without a clear reason 

Incidents like the McHire breach show how easily personal details can be exposed-even when you think you're just applying for a job. A data-removal service helps reduce your online footprint by scanning hundreds of data broker sites and requesting the removal of your information. This lowers the risk of your personal data being leaked, exploited in phishing scams, or used for impersonation.

While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time.

Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com/Delete

Get a free scan to find out if your personal information is already out on the web: Cyberguy.com/FreeScan

If you create accounts on hiring platforms, avoid reusing passwords from other services. A weak or reused password can make it easier for attackers to compromise your data if a site is breached. Consider using a password manager to generate and store secure passwords.

Check out the best expert-reviewed password managers of 2025 at Cyberguy.com/Passwords

After applying for jobs, stay alert for emails or texts that seem "off." Scammers often use leaked data to impersonate recruiters or employers, especially after high-profile breaches. Watch for fake onboarding requests or messages asking for sensitive information like bank details or IDs. When in doubt, verify directly with the company.

This incident was a serious but limited security issue. Thanks to responsible disclosure by researchers and Paradox.ai's rapid response, the exposure was contained to just five candidate records, and no personal data was leaked or misused. That said, the event is a reminder: when AI is involved in hiring, data privacy must remain a top concern. Even small oversights, like a forgotten test account, can put real people's data at risk.

Do you think more transparency is needed from companies when your data is involved in the hiring process? Let us know by writing us at Cyberguy.com/Contact

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you'll get instant access to my Ultimate Scam Survival Guide - free when you join my CYBERGUY.COM/NEWSLETTER 

Copyright 2025 CyberGuy.com.  All rights reserved. 

More News

Booking.com
Fox News AI Newsletter: FDA rolls out AI-powered vaccine platform
Fox News AI Newsletter: FDA rolls out AI-powered vaccine platform
iPhone calendar spam invites are surging
iPhone calendar spam invites are surging
Miami Beach loosens spring break restrictions, aims to draw calmer crowds
Miami Beach loosens spring break restrictions, aims to draw calmer crowds
Alexander the Great's long-lost city located after nearly two millennia: 'Absolutely stunning'
Alexander the Great's long-lost city located after nearly two millennia: 'Absolutely stunning'
Famous volcano blasts lava 1,000 feet high, triggering emergency closures at national park
Famous volcano blasts lava 1,000 feet high, triggering emergency closures at national park
'Worst plane ride': Airline passenger claims she was repeatedly shoved for reclining her seat
'Worst plane ride': Airline passenger claims she was repeatedly shoved for reclining her seat
'Mormon Wives' star weighs just 99 pounds at 5' 10
'Mormon Wives' star weighs just 99 pounds at 5' 10", admits GLP-1 addiction
Iran moves hundreds of millions in crypto during nationwide internet blackout, report reveals
Iran moves hundreds of millions in crypto during nationwide internet blackout, report reveals
Iran deploys explosive 'suicide skiffs' disguised as fishing boats in Strait of Hormuz
Iran deploys explosive 'suicide skiffs' disguised as fishing boats in Strait of Hormuz
Mamdani backs out of CBS interview after network chief Bari Weiss boosted criticism of him on X: report
Mamdani backs out of CBS interview after network chief Bari Weiss boosted criticism of him on X: report
NBA referee goes down hard after brutal collision with camera operator during Hawks-Nets game
NBA referee goes down hard after brutal collision with camera operator during Hawks-Nets game
Remote robot surgery removes cancer 1,500 miles away
Remote robot surgery removes cancer 1,500 miles away
Chicago Public Schools will now allow Bible college students into its teaching program, after lawsuit
Chicago Public Schools will now allow Bible college students into its teaching program, after lawsuit
Fingerprint and photo scans to be fully enforced for American travelers headed to one continent
Fingerprint and photo scans to be fully enforced for American travelers headed to one continent
Sugary drinks linked to higher anxiety risk in certain age group, study finds
Sugary drinks linked to higher anxiety risk in certain age group, study finds
James Carville tells Stephen A Smith Democrats 'do not know how to talk to young men'
James Carville tells Stephen A Smith Democrats 'do not know how to talk to young men'
Katy Perry posts new selfie with boyfriend Justin Trudeau in Instagram slideshow
Katy Perry posts new selfie with boyfriend Justin Trudeau in Instagram slideshow
Iranian soccer team says 'no one can exclude' squad from 2026 World Cup amid participation doubts
Iranian soccer team says 'no one can exclude' squad from 2026 World Cup amid participation doubts
Live Nation employees caught calling fans 'so stupid' in shocking price-gouging messages
Live Nation employees caught calling fans 'so stupid' in shocking price-gouging messages
Planned Parenthood attacks Hawley's effort to strip FDA approval of mifepristone
Planned Parenthood attacks Hawley's effort to strip FDA approval of mifepristone
Latest News

copyright © 2026 Accommodation Port Macquarie.   All rights reserved.

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z