288

McDonald’s AI Hiring Bot exposed 64 Million McDonald’s job applications to security researchers Who Tried the Password ‘123456’ (ian.sh)

submitted 1 week ago* (last edited 1 week ago) by Pro@programming.dev to c/Technology@programming.dev

13 comments fedilink hide all child comments

top 13 comments

sorted by: hot top controversial new old

[-] Honse@lemmy.dbzer0.com 44 points 1 week ago

McSecurity

[-] Tronn4@lemmy.world 30 points 1 week ago

[-] zzz711@sh.itjust.works 20 points 1 week ago

Here's a crazy idea maybe you shouldn't require applicants to create an account just to apply for a job. Lord knows how many workday accounts I've created.

[-] TechLich@lemmy.world 10 points 1 week ago

Agreed, but it's not the applicants' accounts that was compromised.

That's the password for the admin panel that lets you see every single application and all their conversations with the stupid hiring bot. An order of magnitude more silly.

[-] AlecSadler 8 points 1 week ago

Fuck workday.

[-] CaffeinatedCubits@programming.dev 1 points 1 week ago

I quit applying for jobs if they use workday

[-] otter@lemmy.dbzer0.com 12 points 1 week ago

Mel Brooks has entered the chat

[-] schwimmender@feddit.org 11 points 1 week ago

Unfortunately, no disclosure contacts were publicly available and we had to resort to emailing random people. The Paradox.ai security page just says that we do not have to worry about security!

Lol, reading that as someone who wants to disclose a vulnerability must be frustrating.

[-] Miaou@jlai.lu 1 points 1 week ago* (last edited 1 week ago)

The website says "We worry about security, so you don't have to." (aka some corporate speak) and then links to the company's security@whatever email so this comment from the article author is in extremely bad faith.

[-] pineapplelover@lemmy.dbzer0.com 5 points 1 week ago

Lmao they called it the Mchire

[-] jqubed@lemmy.world 3 points 1 week ago

I’ve seen hiring ads referring to them as McJobs

[-] HugeNerd@lemmy.ca 2 points 1 week ago

Anyone still worried about AI taking over the world and killing all the humans?

[-] SaltSong@startrek.website 2 points 1 week ago

If anyone wanted this information, they could just post a bogus job, and people will just send them the data.

this post was submitted on 09 Jul 2025

288 points (100.0% liked)

Technology

251 readers

115 users here now

Share interesting Technology news and links.

Rules:

No paywalled sites at all.
News articles has to be recent, not older than 2 weeks (14 days).
No videos.
Post only direct links.

To encourage more original sources and keep this space commercial free as much as I could, the following websites are Blacklisted:

Al Jazeera.
NBC.
CNBC.
Substack.
Tom's Hardware.
ZDNet.
TechSpot.
Ars Technica.
Vox Media outlets, with exception for Axios(Due to being ad free.)
Engadget.
TechCrunch.
Gizmodo.
Futurism.
PCWorld.
ComputerWorld.
Mashable.

More sites will be added to the blacklist as needed.

Encouraged:

Archive links in the body of the post.
Linking to the direct source, instead of linking to an article talking about the source.

founded 2 months ago

MODERATORS

Pro@programming.dev