Major security flaw in McDonald’s AI hiring tool McHire exposed 64M job applications. Discover how an IDOR vulnerability and weak default credentials led to a massive leak of personal data and the swift remediation by Paradox.ai.
A vulnerability in McHire, the AI-powered recruitment platform used by a vast majority of McDonald’s franchisees, exposed the personal information of over 64 million job applicants. The vulnerability, discovered by security researchers Ian Carroll and Sam Curry, allowed unauthorised access to sensitive data, including names, email addresses, phone numbers, and home addresses.
The investigation began after reports surfaced on Reddit about the McHire chatbot, named Olivia and developed by Paradox.ai, giving strange responses. Researchers quickly found two critical weaknesses. First, the administration login for restaurant owners on McHire accepted easily guessable default credentials: “123456” for both username and password. This simple entry granted them administrator access to a test restaurant account within the system.
The second, and more serious, issue was an Insecure Direct Object Reference (IDOR) on an internal API. An IDOR means that by simply changing a number in a web address (in this case, a lead_id tied to applicant chats), anyone with a McHire account could access confidential information from other applicants’ chat interactions.
According to their blog post, researchers noted that this allowed them to view details from millions of job applications, including unmasked contact information and even authentication tokens that could be used to log in as the applicants themselves and see their raw chat messages.
The McHire platform, accessible via https://jobs.mchire.com/, guides job seekers through an automated process, including a personality test from Traitify.com. Applicants interact with Olivia, providing their contact details and shift preferences.
It was while observing a test application from the restaurant owner’s side that the researchers stumbled upon the vulnerable API. They noticed a request to fetch candidate information, PUT /api/lead/cem-xhr, which used a lead_id that could be altered to view other applicants’ data.
Upon realising the vast scale of the potential data exposure, the researchers immediately initiated disclosure procedures. They contacted Paradox.ai and McDonald’s on June 30, 2025, at 5:46 PM ET.
McDonald’s acknowledged the report shortly after, and by June 30, 2025, at 7:31 PM ET, the default administrative credentials were no longer functional. Paradox.ai confirmed that the issues had been fully resolved by July 1, 2025, at 10:18 PM ET. Both companies have stated their commitment to data security following the swift remediation of this critical vulnerability.
“This incident is a reminder that when companies rush to deploy AI in customer-facing workflows without proper oversight, they expose themselves and millions of users to unnecessary risk,” said Kobi Nissan, Co-Founder & CEO at MineOS, a global data privacy management firm.
“The issue here isn’t the AI itself, but the lack of basic security hygiene and governance around it. Any AI system that collects or processes personal data must be subject to the same privacy, security, and access controls as core business systems,” explained Kobi.
“That means authentication, auditability, and integration into broader risk workflows, not siloed deployments that fly under the radar. As adoption accelerates, businesses need to treat AI not as a novelty but as a regulated asset and implement frameworks that ensure accountability from the start,” he advised.
