How a weak password put McDonald’s AI hiring data at risk

Security researchers Ian Carroll and Sam Curry found basic flaws in the Paradox.ai platform behind McDonald’s Olivia hiring chatbot. The exposed McHire.com data appeared to include as many as 64 million records, with some applicant names, email addresses and phone numbers accessible through the system.


McDonald’s job applicants who used McHire.com were screened by Olivia, an AI chatbot built on technology from Paradox.ai. According to findings revealed by security researchers Ian Carroll and Sam Curry, the platform behind that hiring flow had basic security weaknesses that could have exposed applicant conversations and contact details.

The issue was not described as a sophisticated breach. One path into the system began with a Paradox.ai staff login on McHire.com and credentials where the username and password were both “123456.” From there, the researchers found a second flaw that let them view applicant records by changing an applicant ID number.

What the researchers found on McHire.com

McHire.com is a website many McDonald’s franchisees use to handle job applications. Applicants who go through that process may interact with Olivia, which screens candidates, asks for contact information and résumé details, and points them toward a personality test.

Carroll and Curry said they first looked at the system after Carroll saw complaints on Reddit about the chatbot giving confusing responses and misunderstanding basic questions. The researchers initially tested for “prompt injection” vulnerabilities, but when that did not reveal a problem, they looked at the site’s backend access paths.

They found a login link for Paradox.ai staff. Carroll said he tried common credentials: first the username and password “admin,” then the username and password “123456.” The second attempt worked. The source article says there appeared to be no multifactor authentication on that Paradox.ai login page.

That access led the researchers into an administrator view for a test McDonald’s “restaurant” on McHire. The employee accounts shown there appeared to be Paradox.ai developers, seemingly based in Vietnam. The researchers also found apparent test job postings for the nonexistent location and confirmed that an application submitted through one of them appeared in the backend.

The second flaw made records easy to reach

The weak login was only part of the exposure. Carroll and Curry then saw that the applicant ID for their own application was a number somewhere above 64 million. By changing that ID downward, they could view another applicant’s chat logs and contact information.

The data appeared to include as many as 64 million records. The source says those records included applicants’ names, email addresses and phone numbers. The researchers did not broadly scrape the data, saying they were concerned about privacy violations or hacking charges.

Paradox.ai said the researchers accessed seven records in total, and five contained personal information from people who had interacted with the McHire site. Carroll and Curry shared a small sample with WIRED, including names, contact information and application dates. WIRED contacted two applicants through the exposed contact information, and both confirmed they had applied for McDonald’s jobs on the specified dates.
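The second flaw described above is a missing object-level authorization check: the backend trusted whatever applicant ID the request carried. The following added example (written for this article, not code from Paradox.ai or McHire) shows that weak lookup beside a hardened one that checks ownership or hiring-location scope before returning a record. All data, names and the `Session`/`Applicant` shapes are constructed for the example.

```python
"""Added example: object-level authorization on an applicant-record lookup.
Not Paradox.ai/McHire code; all records and ids below are constructed."""
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class Applicant:
    applicant_id: int
    name: str
    email: str
    phone: str
    chat_log: Tuple[str, ...] = ()


@dataclass(frozen=True)
class Session:
    subject_id: int                      # applicant id of the logged-in user
    role: str                            # "applicant" or "staff"
    restaurant_id: Optional[int] = None  # hiring location a staff user may see


class Forbidden(Exception):
    """Raised for both unknown and not-permitted ids so the endpoint does
    not reveal which ids exist (id-walking gives no signal either way)."""


# Constructed sample store; sequential ids mirror the pattern in the article.
DB = {
    64_000_001: Applicant(64_000_001, "Pat Example", "pat@example.test", "555-0101"),
    64_000_000: Applicant(64_000_000, "Sam Example", "sam@example.test", "555-0102"),
}
# Which hiring location each application belongs to (constructed).
APPLICATION_RESTAURANT = {64_000_001: 42, 64_000_000: 7}


def lookup_insecure(session: Session, applicant_id: int) -> Optional[Applicant]:
    """Vulnerable pattern: the session is never consulted, so any caller can
    read any record by changing the id in the request (an IDOR)."""
    return DB.get(applicant_id)


def lookup_secure(session: Session, applicant_id: int) -> Applicant:
    """Hardened pattern: fetch, then check that the caller owns the record
    (applicant) or that it sits in their location (staff) before returning."""
    record = DB.get(applicant_id)
    owns_it = session.role == "applicant" and session.subject_id == applicant_id
    in_scope = (session.role == "staff"
                and APPLICATION_RESTAURANT.get(applicant_id) == session.restaurant_id)
    if record is None or not (owns_it or in_scope):
        raise Forbidden("not permitted")
    return record
```

Sequential numeric ids are not the defect by themselves, but switching to unguessable ids is a useful second layer once the authorization check is in place.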

Why applicant data carries a specific risk

The exposed data was not described by Carroll and Curry as the most sensitive kind of personal information. Even so, they argued that the hiring context made the risk more serious. The records did not merely connect a name to a phone number or email address; they connected people to an active or past attempt to get work through McHire.

Curry said that context could make phishing more effective because applicants were waiting for communication about jobs. He told WIRED: “Had someone exploited this, the phishing risk would have actually been massive.”

That risk is straightforward. Someone with access to applicant information could pose as a McDonald’s recruiter and use the job application process as cover for follow-up requests. Curry pointed to the possibility of asking for financial information to set up direct deposit, saying, “If you wanted to do some sort of payroll scam, this is a good approach.”

The exposure also created a privacy concern beyond fraud. Carroll and Curry noted that applications, including attempts that did not lead to a job, could be embarrassing for some people if exposed. Carroll also made clear that he would not suggest anyone should be ashamed of working under the Golden Arches.

How Paradox.ai and McDonald’s responded

When WIRED contacted McDonald’s and Paradox.ai, Paradox.ai shared a blog post it planned to publish confirming Carroll and Curry’s findings. The company said only a fraction of the accessed records contained personal information. It also said it had verified that the administrator account using the “123456” password “was not accessed by any third party” other than the researchers.

Paradox.ai said the issue was resolved swiftly and that it is starting a bug bounty program to catch future security vulnerabilities. Stephanie King, Paradox.ai’s chief legal officer, told WIRED: “We do not take this matter lightly, even though it was resolved swiftly and effectively.” She added: “We own this.”

McDonald’s placed responsibility on Paradox.ai in its own statement to WIRED. The company said it was disappointed by the “unacceptable vulnerability” from the third-party provider and said it mandated Paradox.ai to remediate the issue immediately after learning of it. McDonald’s said the issue was resolved on the same day it was reported.

What this says about AI hiring systems

The McHire incident shows that the security of an AI hiring chatbot is not only about the chatbot’s answers. It is also about the accounts, databases and backend systems connected to the hiring workflow. In this case, the researchers did not need to defeat the AI model itself to reach applicant data.

For applicants, the practical concern is that job-seeking information can be valuable even when it appears ordinary. A name, phone number, email address, résumé details and evidence that someone is waiting for a hiring response can create a convincing setup for fraud.

For companies using AI hiring tools, the episode underscores a simple point from the facts of the case: vendor systems that process applicant data become part of the employer’s data protection story. McDonald’s said it will continue holding third-party providers accountable to its standards. Paradox.ai said it has addressed the issue and is adding a bug bounty program.