Security researchers uncovered critical vulnerabilities in McDonald’s McHire chatbot platform, exposing personal data of over 64 million applicants. Paradox.ai and McDonald’s responded quickly to fix these issues, highlighting the importance of secure API and credential management. #McHire #ParadoxAI
Keypoints
- The McHire platform had security flaws that exposed sensitive applicant information.
- Default credentials and insecure API settings allowed unauthorized access.
- Researchers demonstrated they could view and intervene in applicant conversations.
- An IDOR weakness in the API revealed personal details of multiple candidates.
- The vulnerabilities were promptly fixed after notification to McDonald’s and Paradox.ai.