Subscribe to the Non-Human & AI Identity Journal

Forums
The Non-Human & AI ...
NHI, AI & IAM Breac...
64 Million Job Appl...
 
Notifications
Clear all

64 Million Job Applications Exposed in McDonald’s AI Chatbot “McHire” Data Breach

 
    Last Post
  RSS

 NHI Mgmt Group
(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 5855
Topic starter 18/12/2025 9:42 am  

Executive Summary

In June 2025, a significant data breach was identified involving McDonald’s AI recruitment platform, McHire. Security researchers discovered that due to the use of default credentials with admin rights, over 64 million job applications were exposed. This breach unfolded on June 30, 2025, when researchers identified the vulnerability that allowed unauthorized access to sensitive data, including personal information and chat histories. The compromised data included authentication tokens, which could be leveraged for further attacks. Given that McHire is utilized by over 90% of McDonald’s franchises, the breach had a vast impact, putting countless applicants at risk of identity theft and fraud.

👉 Read the full breach analysis from NHI Mgmt Group here

Key Details

Breach Timeline

  • June 30, 2025: Security researchers identify a critical vulnerability in McHire.
  • Discovery of exposed data occurs shortly after the vulnerability assessment.

Data Compromised

  • Over 64 million job applications were compromised, including names, contact details, and employment history.
  • Authentication tokens and user chat histories were also exposed, increasing the risk of unauthorized access.

Impact Assessment

  • The breach potentially affects millions of job seekers, exposing them to identity theft and privacy violations.
  • McDonald’s reputation faces severe damage, eroding trust among applicants and stakeholders.

Company Response

  • McDonald’s and Paradox.ai launched an immediate investigation into the breach.
  • Measures are being implemented to enhance security protocols and eliminate the use of legacy credentials.

Security Implications

  • This incident highlights the importance of proper security hygiene, especially in AI-driven platforms.
  • Organizations are urged to review and strengthen their security frameworks to prevent similar breaches.

👉 If you want to learn more about how to secure NHIs including AI Agents, check our NHI Foundational Training Course.


This topic was modified 6 months ago by Abdelrahman

   
Quote
Topic Tags
Data Breach Cybersecurity Recruitment Software AI Vulnerability McDonald’s
Forum Jump:
  Previous Topic
Next Topic  
Related Topics
Topic Tags:  Data Breach (90) , Cybersecurity (347) , Recruitment Software (1) , AI Vulnerability (3) , McDonald’s (1) ,
Share:

#1 Authority in NHI Education, Research and Advisory, empowering organizations to tackle the critical risks posed by Non-Human Identities (NHIs), including AI Agents.

Get in Touch

Quick Links

Legal & Policies

©2025 NHIMG. All right reserved.