Security researchers found that they could access personal information of 64 million people who had applied for a job at McDonald’s, largely by connecting to the employment of the Chatbot company with the username and the password “123456.
Ian Carroll and Sam Curry Written in a blog article That “during a superficial security examination of a few hours”, they found the problem of password and another vulnerability of simple security in an internal API, which made it possible to access the past conversations of the candidates for employment with the chatbot, called MCHIRE, supplied to McDonald’s by paradox.ai.
The personal data observed by the researchers included the names of the candidates, the email addresses, the personal addresses and the telephone numbers.
Paradox.a Written in a blog article Whether he solved the problems “in a few hours” after the researchers’ report, and that “at no time the candidates was disclosed online or made public”.
Researchers’ results were first reported by Wired.
