Bitcoin reached a new all-time high of $118,900 on Friday, surpassing its previous record of $113,822 set on Thursday. As Read more
Selling software to companies can be a daunting task, especially when it comes to meeting security requirements. Chas Ballew, founder Read more
Earlier this week, San Diego startup Gallant announced $18 million in funding to bring the first FDA-approved ready-to-use stem cell Read more
The world’s richest man buys out one of the most popular social media platforms and uses it as a propaganda Read more
Security researchers made a startling discovery when they found that the personal information of 64 million people who had applied for a job at McDonald’s was accessible due to a major security flaw. By using the incredibly common username and password “123456,” they were able to log into the company’s AI job hiring chatbot and gain unauthorized access to sensitive data.
The Vulnerabilities Uncovered
Ian Carroll and Sam Curry detailed in a blog post that within just a few hours of conducting a security review, they not only uncovered the password issue but also identified another simple security vulnerability in an internal API. This second flaw allowed access to job applicants’ previous conversations with the chatbot, known as McHire, which was provided to McDonald’s by Paradox.ai. The personal data exposed included names, email addresses, home addresses, and phone numbers of the applicants.
Immediate Response
Paradox.ai acted swiftly after the researchers’ report, resolving the security issues within a few hours. They assured the public that candidate information was not leaked online or made publicly available at any point. The swift response from the company helped prevent any further data breaches and potential misuse of the exposed personal information.
This eye-opening discovery by the security researchers was first brought to light by Wired, shedding light on the critical importance of robust cybersecurity measures to safeguard sensitive data in today’s digital age.
