McDonald’s AI Bot Guarded by “123456” Password Exposed Millions of Resumes
July 16, 2025
Anyone who has applied for a job at a McDonald’s in the last few years will likely be unhappy to hear that their personal information and application were wide open to anyone who guessed that an administrator password was “123456.” The company’s “McHire” AI bot has collected some 64 million applications since 2019, all of which theoretically could have been harvested.
The issue was discovered by a pair of security researchers, and McDonald’s says it sees no evidence of prior unauthorized access. However, given the volume of automated attack traffic that hits major sites and tries exactly these kinds of default credentials, it is hard to believe that this was the first time the poorly secured “legacy” account was stumbled upon. The AI bot reportedly was not storing highly sensitive personal information, but the records did include basic contact information, applicants’ shift availability, and the chats they had with the bot as part of the application process.
AI bot application has applicants chat as a first step
The McDonald’s AI bot has apparently been the source of complaints for several years now, with posters on Reddit and other forums reporting that it sometimes struggles with basic questions or produces nonsense answers. That prompted the security researchers to poke at it, at first testing it for prompt injection. While it was resistant to that approach, a far simpler issue was waiting to be discovered: an admin account that could be accessed with the username and password combination “123456 / 123456.”
The admin panel the researchers logged into allows one to create a test application, which is then assigned a numeric identifier. The identifiers were sequential, and the server did not check whether the logged-in account was entitled to see a given record: decrementing the number by one brought up prior applications, complete with chats with the AI bot and basic contact information such as names, phone numbers and email addresses. This is a textbook insecure direct object reference (IDOR), and the researchers needed nothing more than a weak password and a loop to exploit it.
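The two defects described above, guessable sequential IDs and a lookup that never checks who is asking, are easy to reproduce in miniature. The following is an added illustration written for this article, not Paradox.ai’s code: a toy in-memory application store with a vulnerable fetch beside a tenant-scoped one, and the “count down from your own ID” walk the researchers used. The field names (`restaurant_id`, `chat`), the sample applicants, and the store layout are all assumptions made for the demo.

```python
# Added example, not code from the McHire platform. Demonstrates why sequential
# application IDs plus a missing ownership check let one account read every
# other application, and shows the two fixes: scope each lookup to the caller's
# tenant, and stop issuing guessable IDs. All names and data are constructed.
import secrets
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional


@dataclass
class Application:
    app_id: str
    restaurant_id: str            # assumed field: which location the application was filed with
    name: str
    phone: str
    chat: List[str] = field(default_factory=list)   # applicant's transcript with the hiring bot


class ApplicationStore:
    """Toy backing store with two ID schemes: a counter and a random token."""

    def __init__(self, sequential_ids: bool):
        self._apps: Dict[str, Application] = {}
        self._sequential = sequential_ids
        self._counter = 0

    def _new_id(self) -> str:
        if self._sequential:
            self._counter += 1
            return str(self._counter)        # 1, 2, 3, ...: trivially enumerable
        return secrets.token_urlsafe(16)      # 128 bits from the OS CSPRNG: not guessable

    def create(self, restaurant_id: str, name: str, phone: str, chat: List[str]) -> Application:
        app = Application(self._new_id(), restaurant_id, name, phone, list(chat))
        self._apps[app.app_id] = app
        return app

    # Vulnerable handler: any authenticated caller can fetch ANY id.
    def get_unchecked(self, app_id: str) -> Optional[Application]:
        return self._apps.get(app_id)

    # Hardened handler: the lookup is scoped to the tenant the caller is logged in
    # as. A foreign id and a non-existent id both return None, so the endpoint
    # does not even reveal whether an id exists.
    def get_for_tenant(self, caller_restaurant_id: str, app_id: str) -> Optional[Application]:
        app = self._apps.get(app_id)
        if app is None or app.restaurant_id != caller_restaurant_id:
            return None
        return app


def walk_downward(start_id: str, fetch: Callable[[str], Optional[Application]]) -> List[str]:
    """What the researchers did: take the id of an application you just created
    and count down, keeping every id that returns a record. Random (non-numeric)
    ids give the loop nothing to count down from."""
    try:
        n = int(start_id)
    except ValueError:
        return []
    seen = []
    for candidate in range(n - 1, 0, -1):
        if fetch(str(candidate)) is not None:
            seen.append(str(candidate))
    return seen


def build_store(sequential: bool) -> ApplicationStore:
    """Constructed sample data: two applicants at store-101, one at store-202."""
    store = ApplicationStore(sequential_ids=sequential)
    store.create("store-101", "Alice Example", "555-0101", ["hi", "when can you start?"])
    store.create("store-101", "Bob Example", "555-0102", [])
    store.create("store-202", "Carol Example", "555-0103", ["hello"])
    return store


def demo() -> Dict[str, int]:
    seq = build_store(sequential=True)
    mine = seq.create("store-303", "Attacker Account", "555-0199", [])   # gets id "4"
    leaked = walk_downward(mine.app_id, seq.get_unchecked)
    scoped = walk_downward(mine.app_id, lambda i: seq.get_for_tenant("store-101", i))
    rnd = build_store(sequential=False)
    mine_rnd = rnd.create("store-303", "Attacker Account", "555-0199", [])
    unguessable = walk_downward(mine_rnd.app_id, rnd.get_unchecked)
    return {
        "unchecked_sequential": len(leaked),   # 3: every earlier application, any store
        "store101_scoped": len(scoped),        # 2: only store-101's own applicants
        "random_ids": len(unguessable),        # 0: nothing to decrement
    }


if __name__ == "__main__":
    print(demo())
```

The scoped handler is the real fix; random identifiers are defence in depth, not a substitute for the authorization check, since an unguessable ID still leaks the moment it appears in a shared link or a log.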
The risk here is higher than usual for basic contact information, because recent applicants would likely be expecting a call or email from the employer. A well-forged phishing message attached to a fake job offer could readily convince them to hand over far more sensitive personal information.
AI bot included personality test
Part of the application process is some sort of personality test, but this is administered by a third party (Traitify.com) and appears to contain very generic questions about willingness to work overtime and get along with co-workers and customers.
The company behind the AI bot is Paradox.ai, whose promotional website claims that 90% of all McDonald’s franchise locations now use it for hiring. The platform was introduced in 2019 but had a slow rollout, only used in a pilot at corporate-owned McDonald’s locations at first before being made available to franchisees in the US, UK, Canada and Ireland.
The vulnerability was disclosed to Paradox.ai and McDonald’s on June 30 and fixed later in the day, but the characterization of it as a “legacy” account implies that this login option was available for some time, perhaps dating back to the origin of the platform six years ago. Paradox.ai responded to the media stories about the issue by saying that it will conduct more frequent security audits, and McDonald’s added that it has a bug bounty program in the works.
Leaks of HR and hiring information are often a case of companies onboarding new software too quickly and with too little training and familiarization, but in this case it appears to be a major oversight by the service provider. Screening and caution must be emphasized in an emerging market that is pumping out AI bots and tools at a very rapid pace. It is also important to evaluate carefully what information these tools take in and store, and what kind of liability that might create. And, above all else, make sure that no account, legacy or otherwise, still uses “123456” as a password.