An AI hiring bot intended to streamline the job application process has instead created a super-sized privacy headache for McDonald’s. 

Turns out that the personal data of millions of job applicants was apparently exposed through the bot, nicknamed Olivia, on the McHire site that Paradox.ai built for the hamburger chain. Essentially, any hacker who plugged in the admin name and passcode “123456” to access all of the chats and resume info shared between applicants and Olivia. 

Security researchers Sam Curry and Ian Carroll decided to give Olivia’s recruitment prowess a spin after seeing job applicants complaining mightily on Reddit about the hiring bot and its often nonsensical answers.  After “applying” for a job at Mickey D’s, following Olivia’s instructions for providing data, including shift preferences, and taking a personality test that they found to be a “disturbing experience,” the researchers stumbled upon a restaurant owner login that allows owners to view applicants.

“It turned out we had become the administrator of a test restaurant inside the McHire system. We could see all of the employees of the restaurant were simply employees of Paradox.ai, the company behind McHire,” they wrote in a blog post and recounted to Wired.  

“This was great because we could now see how the app worked, but annoying because we had still not demonstrated any actual confidentiality or integrity impact,” they said. 

By applying to a test job posting already set up by the account, they could see what the restaurant could see: “All of the in-progress conversations with ‘Olivia.’”  They discovered the restaurant could “intervene when they hit certain stages, like having completed the personality test.” 

But it wasn’t until they clicked on a “Paradox team members” link that they hit paydirt.  They were able to log in with the username 123456 and the same sequence for the password, then “quickly realized this API allows us to access every chat interaction that has ever applied for a job at McDonald’s.” 

Not exactly what the burger chain planned to serve up. 

“This incident is a prime example of what happens when organizations deploy technology without having an understanding of how it works or how it can be operated by untrusted users,” says Desired Effect CEO Evan Dornbush. 

It’s a lesson that must be taught over and over again. “This problem isn’t unique to AI — it’s a recurring pattern with every so-called ‘game-changing’ technology,” says William Leichter, Senior Officer at PointGuard AI.  

Leichter notes that the “hype cycle drives organizations to deploy fast, chasing immediate gains while sidelining seasoned security professionals,” much like the industry saw “during the early rush to the cloud a decade ago, when developers uploaded sensitive data to Amazon S3 buckets without basic password protection.” 

What stands out most to Randolph Barr, CISO at Cequence Security, is that using easily guessable credentials, an OWASP Top 10 no-no, “was allowed in a production system with no multifactor authentication (MFA).” That’s not just a technical oversight, he says, “it reflects a broader weakness in the security program itself.” And it begs a question about what other foundational security practices might be missing. 

That points to a “systemic issue in how organizations approach security, particularly when implementing AI and automation solutions,” says Aditi Gupta, senior manager, professional services consulting at Black Duck.  

Incidents like the one at McDonald’s, she says, should be compelling enough for organizations to “prioritize fundamental security measures to ensure uncompromised trust in their software, especially for the increasingly regulated, AI-powered world.” 

As AI adoption accelerates, says MineOS Cofounder and CEO Kobi Nissan, AI shouldn’t be treated as a novelty, but rather “as a regulated asset, and implement frameworks that ensure accountability from the start.” 

The good news is that McDonald’s has already mitigated this particular security issue. And wary job applicants can always head on over to Burger King, where they can presumably have security their way…and where they don’t have to defend a perpetually broken ice cream machine.