‘123456’ password exposed chats for 64 million McDonald’s job chatbot applications

Cybersecurity researchers uncovered a significant vulnerability in McHire, McDonald’s job application platform, that exposed the personal data of over 64 million applicants. The flaw combined weak default credentials with an API vulnerable to insecure direct object reference (IDOR), allowing unauthorized access to sensitive chat transcripts and applicant information.

Key points

  • A security vulnerability was found in McHire, McDonald’s recruitment chatbot platform.
  • The flaw involved weak admin credentials and an insecure direct object reference (IDOR) vulnerability.
  • Researchers were able to access personal data and chat transcripts of over 64 million applicants.
  • The vulnerability was quickly reported, and McDonald’s mandated a fix from Paradox.ai, which was implemented promptly.
  • Paradox.ai announced it is reviewing its systems to prevent future security issues.

Read More: https://www.bleepingcomputer.com/news/security/123456-password-exposed-chats-for-64-million-mcdonalds-job-chatbot-applications/