Source: hackread.com – Author: Deeba Ahmed.
McHire’s AI system vulnerability briefly exposed limited candidate chat information. Learn how Paradox promptly fixed the issue, confirming data for only five individuals was viewed by researchers, with no public leak.
A vulnerability in McHire, the AI-powered recruitment platform used by the vast majority of McDonald’s franchisees, exposed chat interaction data held in its system. The flaw, discovered by security researchers Ian Carroll and Sam Curry, allowed unauthorised access to that data, including names, email addresses, phone numbers, and IP addresses. However, only five candidates had their information seen in total, and it was viewed only by the security researchers themselves, according to a security update from Paradox.ai, the developer of McHire’s AI recruiting chatbot.
For your information, the McHire platform, accessible via https://jobs.mchire.com/, guides job seekers through an automated process, including a personality test from Traitify.com. Applicants interact with the McHire chatbot, named Olivia, providing their contact details and shift preferences.
The investigation began after reports surfaced on Reddit about Olivia giving strange responses. Researchers quickly found two critical weaknesses. First, the administration login for restaurant owners on McHire accepted easily guessable default credentials: “123456” for both username and password. This simple entry granted them administrator access to a test restaurant account within the system.
The second, and more serious, issue was an Insecure Direct Object Reference (IDOR) on an internal API. An IDOR means that by simply changing a number in a web address (in this case, a lead_id tied to applicant chats), anyone with a McHire account could access confidential information from other candidate chat records.
While the researchers’ blog post initially suggested this could allow viewing details from a large number of records, Paradox’s subsequent investigation confirmed that to validate their findings, the researchers only viewed and downloaded seven chat interaction records. Of these, five were for US-based candidates and included names, email addresses, phone numbers, and IP addresses; the other two records did not contain personal candidate information. Paradox emphasized that sensitive information like Social Security numbers was not exposed and that the chat interactions were not full job applications.
It was while observing a test application from the restaurant owner’s side that the researchers stumbled upon the vulnerable API. They noticed a request to fetch candidate information, PUT /api/lead/cem-xhr, which used a lead_id that could be altered to view other candidate chat data.
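To show the class of bug described above and in the IDOR paragraph, here is an added illustration (not McHire’s or Paradox’s code) of a lead lookup that trusts a caller-supplied lead_id next to one that also checks the record belongs to the caller’s organisation; the session model, the Lead records and the id range are all constructed for the example.

```python
# Added example: object-level authorisation for a lead lookup.
# Session, Lead, the sample records and the org model are all constructed
# for illustration; they are not the McHire/Paradox implementation.
from dataclasses import dataclass
from typing import Callable, Iterable, Optional


@dataclass(frozen=True)
class Session:
    user: str
    org_id: str  # organisation (franchisee) the login belongs to


@dataclass(frozen=True)
class Lead:
    lead_id: int
    org_id: str
    name: str
    email: str


# Constructed sample data: two organisations, three applicant chat records.
LEADS = {
    1001: Lead(1001, "org-a", "Applicant One", "one@example.invalid"),
    1002: Lead(1002, "org-a", "Applicant Two", "two@example.invalid"),
    2001: Lead(2001, "org-b", "Applicant Three", "three@example.invalid"),
}


class Forbidden(Exception):
    pass


def fetch_lead_vulnerable(session: Session, lead_id: int) -> Optional[Lead]:
    """Authenticated but not authorised: any login can read any lead id."""
    return LEADS.get(lead_id)


def fetch_lead_hardened(session: Session, lead_id: int) -> Lead:
    """Authorise the object, not just the caller: lead must be in the caller's org."""
    lead = LEADS.get(lead_id)
    # One generic error for "missing" and "not yours", so the endpoint does not
    # confirm which ids exist when someone walks the id space.
    if lead is None or lead.org_id != session.org_id:
        raise Forbidden(f"lead {lead_id} not accessible by {session.user}")
    return lead


def count_reachable(fetch: Callable, session: Session, ids: Iterable[int]) -> int:
    """Regression check: how many records one login can reach across an id range."""
    reachable = 0
    for lead_id in ids:
        try:
            if fetch(session, lead_id) is not None:
                reachable += 1
        except Forbidden:
            pass
    return reachable
```

Run count_reachable over a test id range for each handler as part of the access-control test suite; the hardened handler should never return a record from another organisation.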
The researchers immediately initiated disclosure procedures. They contacted Paradox.ai and McDonald’s on June 30, 2025, at 5:46 PM ET. McDonald’s acknowledged the report shortly after, and by June 30, 2025, at 7:31 PM ET, the default administrative credentials were no longer functional. Paradox.ai confirmed that the issues had been fully resolved by July 1, 2025, at 10:18 PM ET. Paradox clarified in its statement that “at no point was candidate information leaked online or made publicly available.” They further stated that it only impacted “one organization” and “no other Paradox clients were impacted.”
Both companies have stated their commitment to data security following the swift remediation of this critical vulnerability.
“This incident is a reminder that when companies rush to deploy AI in customer-facing workflows without proper oversight, they expose themselves and millions of users to unnecessary risk,” said Kobi Nissan, Co-Founder & CEO at MineOS, a global data privacy management platform.
“The issue here isn’t the AI itself, but the lack of basic security hygiene and governance around it. Any AI system that collects or processes personal data must be subject to the same privacy, security, and access controls as core business systems,” explained Kobi.
“That means authentication, auditability, and integration into broader risk workflows, not siloed deployments that fly under the radar. As adoption accelerates, businesses need to treat AI not as a novelty but as a regulated asset and implement frameworks that ensure accountability from the start,” he advised.
Original Post url: https://hackread.com/mcdonalds-ai-hiring-tool-mchire-leaked-job-seekers-data/
Category & Tags: Security, Leaks, Privacy, AI, Cybersecurity, IDOR, McDonald, Paradox, Vulnerability