Hackers breached McDonald's AI bot using password 123456
Kyiv • UNN
Cybersecurity researchers discovered a vulnerability in McDonald's AI recruitment bot, gaining access to 64 million candidate records through a weak password. The company acknowledged and fixed the issue, but the data could have been used for phishing.
Hackers breached McDonald's AI hiring bot using the password 123456. This was reported by UNN with reference to Wired.
Details
The vulnerability was discovered by so-called "white hat hackers" - cybersecurity researchers Ian Carroll and Sam Curry. Due to a "weak" password, they gained access to the administrator account of the McHire.com platform. This allowed them to view chat archives with candidates, including personal data - names, phone numbers, email, and interview responses. In total, up to 64 million such records are stored on the platform.
McDonald's acknowledged the problem.
"We are disappointed by this unacceptable third-party vendor vulnerability. As soon as we learned of the issue, we instructed them to fix it immediately. This was done the same day,"
At the same time, the publication notes that such data could be used by attackers for phishing - for example, under the guise of McDonald's recruiters asking candidates to send financial information to allegedly set up a salary account.
Recall
In Australia, cyber hackers breached the database of millions of Qantas airline customers, which became the largest data leak in recent years and severely damaged the company's reputation.