
McDonald’s Security Error Exposes 64 Million Job Applicants Through AI Chatbot Breach

Impact: HIGH User Risk: MEDIUM

In June 2025, security researchers Ian Carroll and Sam Curry uncovered devastating security flaws in McDonald’s AI-powered hiring platform, McHire, which exposed roughly 64 million applicant records. The breach was not the result of sophisticated hacking techniques: the researchers gained administrator access simply by logging in with the username and password “123456,” one of the most commonly used passwords in existence. A second vulnerability, an insecure direct object reference, let them read other applicants’ records by changing the record ID number in the URL. The exposed data included names, email addresses, phone numbers, home addresses, and complete chat logs with the AI chatbot named “Olivia.” This incident highlights how even basic security oversights can lead to massive data exposures, particularly when third-party AI tools are deployed without proper authentication measures such as multi-factor authentication (MFA).

The Breach: How “123456” Opened the Door

The McDonald’s data breach represents one of the most preventable cybersecurity disasters in recent memory. The McHire platform, built by AI software company Paradox.ai, was protected by what can only be described as laughably inadequate security measures. While probing it, the researchers found a login portal for Paradox.ai staff and decided to test the most obvious credentials possible.

Their first attempt used “admin” as both the username and password—it failed. Their second attempt used “123456” for both fields—it succeeded immediately. There was no multi-factor authentication, no brute-force protection, and no account lockout mechanism. The administrator account, which hadn’t been accessed since 2019 according to Paradox.ai, should have been decommissioned years ago.

This wasn’t an advanced persistent threat or a zero-day exploit. This was the digital equivalent of leaving the front door wide open with a welcome mat that read “come on in.” As PYMNTS noted, the breach “wasn’t a failure of AI so much as a failure of the most basic cybersecurity principle: never leave the front door wide open.”

What Data Was Exposed

The vulnerability gave potential attackers access to a staggering amount of sensitive information spanning multiple years of McDonald’s recruitment activities. The exposed data included:

  • Full names of job applicants
  • Email addresses
  • Phone numbers
  • Home addresses, in many cases
  • Complete chat transcripts with the Olivia AI chatbot
  • Application dates and timestamps
  • Résumé information shared during the hiring process
  • Personality test responses submitted by applicants

While Paradox.ai clarified that only a fraction of the 64 million records contained complete personal information, even partial exposure creates significant risks. The researchers accessed seven records during their investigation, five of which contained personal information. They verified the authenticity of the data by contacting two applicants using their exposed contact details—both confirmed they had applied for McDonald’s positions on the dates indicated in the system.

The Olivia AI Chatbot and McHire Platform

Olivia is an AI-powered chatbot that has fundamentally transformed McDonald’s hiring process across thousands of franchise locations globally. When applicants visit McHire.com to apply for positions, they interact with Olivia instead of human recruiters during the initial screening phases. The bot is responsible for:

  • Screening job applicants through automated conversations
  • Collecting personal contact information and résumés
  • Directing candidates to personality assessments
  • Answering basic questions about positions and requirements
  • Managing the initial stages of the application funnel

However, Olivia’s implementation has been controversial. According to WIRED, frustrated applicants have taken to Reddit to complain about the AI “making them go insane” by repeatedly misunderstanding basic questions and providing nonsensical responses. The chatbot’s inability to comprehend context or provide meaningful answers has become a source of frustration for job seekers who are already in vulnerable positions.

The McHire platform operates across McDonald’s decentralized franchise system, where individual restaurant owners manage their own technology stacks for hiring, scheduling, and operations. This fragmentation creates inconsistencies in security implementation and oversight.

How Security Researchers Discovered the Vulnerability

Ian Carroll and Sam Curry, security researchers with an established track record of discovering vulnerabilities in major systems, stumbled upon the McHire security flaws while investigating what they considered a “uniquely dystopian” hiring process. Carroll explained to WIRED: “I just thought it was pretty uniquely dystopian compared to a normal hiring process, right? And that’s what made me want to look into it more.”

Their investigation followed a methodical path:

Initial Testing: They began by applying for McDonald’s positions themselves, testing the chatbot for “prompt injection” vulnerabilities that could allow them to hijack the AI’s responses. When they found no such flaws, they shifted their focus.

Franchisee Access Point: They attempted to sign up as McDonald’s franchisees to access the backend system but noticed a curious login link specifically for Paradox.ai staff members.

Credential Guessing: On a whim, Carroll tried the most common default credentials—first “admin/admin,” then “123456/123456.” The second attempt worked immediately.

Discovery of Second Vulnerability: Once inside, they found themselves with administrator access to a test McDonald’s “restaurant” staffed by Paradox.ai developers, apparently based in Vietnam. When they applied to a test job posting and viewed their application on the backend, they noticed their application had an ID number above 64 million.

ID Manipulation: Application IDs were assigned sequentially, and the backend never checked whether the logged-in account was entitled to the record it requested, so the researchers could change the applicant ID number in the URL to view other applicants’ records. By decrementing the ID from their own number down to lower values, they could access millions of earlier applications.

Carroll stated: “After 30 minutes, we had full access to virtually every application that’s ever been made to McDonald’s going back years.”

The Real-World Impact and Phishing Risks

While the data exposed might not seem as sensitive as financial records or Social Security numbers, security experts emphasize that the context makes it particularly dangerous. The information reveals not just personal details but also the fact that these individuals were actively seeking employment at McDonald’s, a detail that dramatically increases phishing risk.

Targeted Phishing Scenarios: Criminals could impersonate McDonald’s recruiters and send convincing emails or text messages to applicants. These messages could request:

  • Bank account information for “direct deposit setup”
  • Social Security numbers for “tax documentation”
  • Payment for “background checks” or “uniform deposits”
  • Personal information under the guise of “completing your application”

Sam Curry explained to WIRED: “It’s not just people’s personally identifiable information and résumé. It’s that information for people who are looking for a job at McDonald’s, people who are eager and waiting for emails back.” This eagerness creates a perfect opportunity for social engineering attacks.

Vulnerable Population: Many McDonald’s applicants are in financially precarious situations and are seeking minimum-wage employment, which increases their susceptibility to scams. The need for a job can override the usual skepticism about suspicious communications.

Reputational Harm: Beyond fraud risks, the exposure of failed job applications could be embarrassing for applicants, though Carroll noted he has “nothing but respect for McDonald’s workers” and visits the restaurant regularly.

McDonald’s and Paradox.ai Response

When contacted by media outlets, both McDonald’s and Paradox.ai acknowledged the security failures and implemented immediate remediation efforts. However, their responses also revealed a blame game between the fast-food giant and its technology vendor.

Paradox.ai’s Position: The company published a blog post confirming Carroll and Curry’s findings but attempted to minimize the severity. Chief Legal Officer Stephanie King stated: “We do not take this matter lightly, even though it was resolved swiftly and effectively. We own this.” The company claimed:

  • Only a fraction of the 64 million records contained complete personal information
  • The administrator account with the “123456” password “was not accessed by any third party” other than the researchers
  • The issues were resolved “within a few hours” of being reported
  • They are instituting a bug bounty program to catch future vulnerabilities

McDonald’s Statement: The corporation deflected responsibility entirely onto Paradox.ai, telling WIRED: “We’re disappointed by this unacceptable vulnerability from a third-party provider, Paradox.ai. As soon as we learned of the issue, we mandated Paradox.ai to remediate the issue immediately, and it was resolved on the same day it was reported to us. We take our commitment to cyber security seriously and will continue to hold our third-party providers accountable to meeting our standards of data protection.”

Both companies emphasized that no evidence exists of malicious access beyond the security researchers’ authorized testing. However, the absence of logging and monitoring means it’s impossible to definitively prove the data wasn’t previously accessed by unauthorized parties.

Critical Lessons for Enterprise Cybersecurity

The McDonald’s breach offers critical lessons for enterprises deploying AI tools and managing third-party vendor relationships in an increasingly complex digital ecosystem.

Default Credentials Are Inexcusable: Using “123456” as an administrator password in 2025 represents a fundamental failure of security hygiene. Organizations must enforce password policies that reject common and default credentials, for example by screening new passwords against lists of breached and widely used passwords, and must run automated checks to find accounts that still carry them.

Multi-Factor Authentication Is Non-Negotiable: The absence of MFA on an administrator account with access to 64 million records is staggering. Belsasar Lepe, co-founder and CEO of Cerby, emphasized to PYMNTS: “It’s the tried and true advice that is often given. Make it easy to turn on multifactor authentication for your end users. Ninety-nine percent of identity attacks are due to a lack of MFA just being turned on.”

Third-Party Vendor Risk Management: McDonald’s franchise system creates a decentralized technology environment where individual owners deploy solutions with limited corporate oversight. This structure demands robust vendor security assessments and ongoing monitoring. Philip Yannella, co-chair of the privacy, security and data protection practice at Blank Rome, warned: “If you’re a bank, you’ve got to worry quite a bit about your vendors.”

AI Tool Deployment Requires Security Review: Line-of-business teams increasingly adopt AI-powered tools like McHire outside traditional IT oversight. The perception that these are simple “software as a service” solutions leads to security being deprioritized. Every AI deployment must undergo rigorous security review regardless of which department is implementing it.

Insecure Direct Object References (IDOR) Prevention: The ability to access other users’ data by simply changing an ID number in a URL is a well-known vulnerability category, classed by OWASP under Broken Access Control. Authentication alone does not prevent it; the application must perform an object-level authorization check on every request, confirming that the authenticated user is permitted to view the specific record requested, rather than relying on record IDs being hard to guess. Sequential IDs make the problem worse because they turn the entire data set into a countable range.
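The following is an added example, not code from McHire or Paradox.ai, showing the pattern behind both the researchers’ ID-decrementing walk described earlier and the authorization check this lesson calls for. The record store, organisation names, user names and record IDs are constructed for illustration. The vulnerable handler authenticates the caller but returns whatever record the ID names; the hardened one releases a record only to a recruiter in the owning organisation or to the applicant who filed it, and answers unknown and forbidden IDs identically so the ID space cannot be probed.

```python
from dataclasses import dataclass
from typing import Callable, List


@dataclass(frozen=True)
class Principal:
    """Authenticated caller: account name, owning organisation, and role."""
    user: str
    org_id: str
    role: str  # "recruiter" or "applicant"


@dataclass(frozen=True)
class Application:
    app_id: int
    org_id: str     # organisation (e.g. one franchise) that owns the record
    applicant: str  # account name of the person who applied
    name: str
    email: str


class Forbidden(Exception):
    """Raised for records the caller may not see, and for unknown IDs."""


# Constructed sample store (assumption): sequential IDs, two organisations
# plus a test organisation. None of these are real records.
APPLICATIONS = {
    64000001: Application(64000001, "org-test", "tester", "Test Applicant", "tester@example.test"),
    64000000: Application(64000000, "org-1234", "jdoe", "Jane Doe", "jane@example.test"),
    63999999: Application(63999999, "org-5678", "asmith", "Alex Smith", "alex@example.test"),
}


def get_application_vulnerable(caller: Principal, app_id: int) -> Application:
    """IDOR: the caller is authenticated, but nothing ties the record to them.
    Any logged-in account can walk app_id downward and read every record."""
    return APPLICATIONS[app_id]


def get_application_hardened(caller: Principal, app_id: int) -> Application:
    """Object-level authorization on every lookup.
    Recruiters see records owned by their own organisation; applicants see
    only the application they filed. Unknown and forbidden IDs raise the
    same exception so a caller cannot tell which IDs exist."""
    record = APPLICATIONS.get(app_id)
    if record is not None:
        if caller.role == "recruiter" and record.org_id == caller.org_id:
            return record
        if caller.role == "applicant" and record.applicant == caller.user:
            return record
    raise Forbidden("not found or not permitted")


def enumerate_records(handler: Callable[[Principal, int], Application],
                      caller: Principal, start: int, count: int) -> List[int]:
    """Replay the researchers' technique: decrement the ID from `start` and
    collect every ID for which the handler hands back a record."""
    found = []
    for app_id in range(start, start - count, -1):
        try:
            handler(caller, app_id)
        except (KeyError, Forbidden):
            continue
        found.append(app_id)
    return found


if __name__ == "__main__":
    tester = Principal("tester", "org-test", "applicant")
    print("vulnerable:", enumerate_records(get_application_vulnerable, tester, 64000001, 3))
    print("hardened:  ", enumerate_records(get_application_hardened, tester, 64000001, 3))
```

Run as written, the test applicant walks all three records through the vulnerable handler but only its own through the hardened one. The check is deliberately written in terms of the record’s ownership fields rather than the caller’s role alone: a role check without the ownership comparison would still let any recruiter read every organisation’s applicants.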

Account Lifecycle Management: Paradox.ai admitted the compromised administrator account hadn’t been used since 2019 and “should have been decommissioned.” Organizations must implement automated processes to identify and remove dormant accounts that pose unnecessary risk.
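An added example (not Paradox.ai’s tooling) covering this lesson and the default-credential lesson above: an offline audit of a user table that flags accounts whose stored password hash matches a short deny-list of common passwords or the username itself, and accounts that have not logged in within a configurable idle period, with dormant administrators called out separately. The account records, the PBKDF2-HMAC-SHA256 hashing scheme, the deny-list and the thresholds are assumptions.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, List, Optional

# Assumptions for the example: a short deny-list (a real audit would use a
# breached-password corpus), a 180-day idle limit, and a modest PBKDF2 work
# factor so the demo runs quickly.
DENY_LIST = ["123456", "password", "admin", "12345678", "qwerty", "123456789"]
MAX_IDLE_DAYS = 180
PBKDF2_ROUNDS = 50_000


@dataclass(frozen=True)
class Account:
    username: str
    salt: bytes
    pw_hash: bytes
    last_login: date
    is_admin: bool


def hash_password(password: str, salt: bytes) -> bytes:
    """PBKDF2-HMAC-SHA256, the storage scheme this example assumes."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def make_account(username: str, password: str, last_login: date, is_admin: bool = False) -> Account:
    """Build a stored record the way account creation would; used here only to construct sample data."""
    salt = os.urandom(16)
    return Account(username, salt, hash_password(password, salt), last_login, is_admin)


def weak_password(acct: Account) -> Optional[str]:
    """Return the deny-list entry (or the username) whose hash equals the stored
    hash, or None. Works from the hash alone, so the audit never needs
    plaintext passwords."""
    for candidate in DENY_LIST + [acct.username]:
        if hmac.compare_digest(hash_password(candidate, acct.salt), acct.pw_hash):
            return candidate
    return None


def is_dormant(acct: Account, today: date) -> bool:
    return (today - acct.last_login) > timedelta(days=MAX_IDLE_DAYS)


def audit(accounts: List[Account], today: date) -> Dict[str, List[str]]:
    """Run both checks; dormant administrators are listed separately because
    they combine unused access with high privilege, the case described above."""
    findings: Dict[str, List[str]] = {"weak_password": [], "dormant": [], "dormant_admin": []}
    for acct in accounts:
        if weak_password(acct) is not None:
            findings["weak_password"].append(acct.username)
        if is_dormant(acct, today):
            findings["dormant"].append(acct.username)
            if acct.is_admin:
                findings["dormant_admin"].append(acct.username)
    return findings


# Constructed sample table (assumption): an admin account unused since 2019
# with a trivial password, an active recruiter, and an idle service account.
SAMPLE_ACCOUNTS = [
    make_account("123456", "123456", date(2019, 3, 1), is_admin=True),
    make_account("recruiter1", "c0rrect-horse-battery-staple", date(2025, 6, 20)),
    make_account("svc_export", "Tr0ub4dor&3", date(2023, 11, 2), is_admin=True),
]

if __name__ == "__main__":
    print(audit(SAMPLE_ACCOUNTS, date(2025, 7, 1)))
```

Because the deny-list check recomputes the stored hash with each account’s own salt, it runs against the password table as it is, without resetting anyone’s password; the cost is one key derivation per candidate per account, which is why a production run keeps the candidate list short and focused on the passwords that actually show up in breaches.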

Assume Breach Mentality: The absence of logging means Paradox.ai cannot definitively prove malicious actors didn’t access the data before the researchers. Comprehensive logging, monitoring, and alerting are essential to detect and respond to unauthorized access attempts.
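As an added example of the detection side of this lesson (not Paradox.ai’s logging, which the page says was absent), the script below parses constructed web-server access lines, groups successful reads of application records per user, and raises an alert when one user reads more than a threshold of distinct record IDs inside a time window, noting whether the IDs form a monotonic walk, the signature of the URL-ID tampering described earlier. The log format, URL path, user names, IP addresses and thresholds are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime
from typing import Dict, Iterable, List, Optional, Tuple

# Assumptions for the example: a combined-log-style line with the authenticated
# user in the third field, record reads at /api/applications/<id>, and thresholds
# tuned for a recruiter who legitimately opens a handful of records at a time.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) - (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
OBJECT_RE = re.compile(r"^/api/applications/(?P<id>\d+)$")
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"
MAX_DISTINCT_IDS = 5
WINDOW_SECONDS = 600


def parse_line(line: str) -> Optional[Tuple[str, datetime, int]]:
    """Return (user, timestamp, record id) for a successful record read, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    obj = OBJECT_RE.match(m["path"])
    if obj is None or m["status"] != "200":
        return None
    return m["user"], datetime.strptime(m["ts"], TS_FORMAT), int(obj["id"])


def detect_enumeration(lines: Iterable[str], max_distinct: int = MAX_DISTINCT_IDS,
                       window: int = WINDOW_SECONDS) -> List[Dict]:
    """One alert per user whose successful reads cover more than `max_distinct`
    distinct record IDs within any `window`-second span. `monotonic` is True when
    every step between consecutive IDs has the same sign, i.e. the user is
    counting through the ID space rather than opening records found by search."""
    by_user: Dict[str, List[Tuple[datetime, int]]] = defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            user, ts, rec_id = parsed
            by_user[user].append((ts, rec_id))

    alerts = []
    for user, reads in by_user.items():
        reads.sort()
        start = 0
        for end in range(len(reads)):
            # slide the window start forward until the span fits inside `window` seconds
            while (reads[end][0] - reads[start][0]).total_seconds() > window:
                start += 1
            ids = [rec_id for _, rec_id in reads[start:end + 1]]
            distinct = set(ids)
            if len(distinct) > max_distinct:
                steps = [b - a for a, b in zip(ids, ids[1:])]
                alerts.append({
                    "user": user,
                    "distinct_ids": len(distinct),
                    "id_range": (min(ids), max(ids)),
                    "monotonic": all(s < 0 for s in steps) or all(s > 0 for s in steps),
                })
                break  # one alert per user is enough to page someone
    return alerts


# Constructed sample log (assumption): one account walks IDs downward one at a
# time, one recruiter opens two unrelated records, and a 404 is ignored.
SAMPLE_LOG = """\
203.0.113.5 - tester [09/Jul/2025:14:00:01 +0000] "GET /api/applications/64000001 HTTP/1.1" 200
203.0.113.5 - tester [09/Jul/2025:14:00:03 +0000] "GET /api/applications/64000000 HTTP/1.1" 200
203.0.113.5 - tester [09/Jul/2025:14:00:05 +0000] "GET /api/applications/63999999 HTTP/1.1" 200
203.0.113.5 - tester [09/Jul/2025:14:00:07 +0000] "GET /api/applications/63999998 HTTP/1.1" 200
203.0.113.5 - tester [09/Jul/2025:14:00:09 +0000] "GET /api/applications/63999997 HTTP/1.1" 200
203.0.113.5 - tester [09/Jul/2025:14:00:11 +0000] "GET /api/applications/63999996 HTTP/1.1" 200
203.0.113.5 - tester [09/Jul/2025:14:00:13 +0000] "GET /api/applications/63999995 HTTP/1.1" 200
203.0.113.5 - tester [09/Jul/2025:14:00:15 +0000] "GET /api/applications/63999994 HTTP/1.1" 404
198.51.100.7 - recruiter1 [09/Jul/2025:14:05:00 +0000] "GET /api/applications/64000000 HTTP/1.1" 200
198.51.100.7 - recruiter1 [09/Jul/2025:14:06:00 +0000] "GET /dashboard HTTP/1.1" 200
198.51.100.7 - recruiter1 [09/Jul/2025:14:07:00 +0000] "GET /api/applications/63999990 HTTP/1.1" 200
"""

if __name__ == "__main__":
    for alert in detect_enumeration(SAMPLE_LOG.splitlines()):
        print(alert)
```

The rule only works if the application logs the authenticated user and the object ID on every record read in the first place; a logging policy that records logins but not data access would see the 123456 session start and nothing after it. Counting only 200 responses keeps legitimate recruiters out of the alert, while a separate rule on bursts of 403/404 responses would catch a walker against the hardened handler.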

The McDonald’s incident demonstrates that sophisticated AI capabilities mean nothing if basic security fundamentals are neglected. As enterprises rush to adopt AI tools, they must ensure these implementations don’t create new vulnerabilities through inadequate security practices.
