NHI Foundation Level Training Course Launched

McDonald’s AI Chatbot “McHire” Exposes 64 Million Job Applications via Default Credentials

Overview

On June 30, 2025, security researchers uncovered a critical vulnerability in the AI-powered recruitment platform McHire, used by McDonald’s and operated by Paradox.ai. This vulnerability exposed over 64 million job applications, including personal information, chat histories, and authentication tokens, all due to legacy credentials with admin rights.

What Is McHire and Who Is Olivia?

McHire is McDonald’s AI-driven recruitment platform that uses “Olivia,” a virtual assistant developed by Paradox.ai, to interact with applicants. Olivia helps job seekers apply, asks screening questions, and schedules interviews, all automatically.

The platform is used by over 90% of McDonald’s franchises, meaning this vulnerability had massive reach.

But while Olivia sounded friendly, behind the scenes, she was working in an environment lacking the most basic security hygiene.

How Did This Happen?

The story starts with two security researchers, Ian Carroll and Sam Curry, who noticed strange behavior in Olivia’s responses and decided to investigate. Their journey took just 30 minutes:

  1. They applied for a job to understand how the system worked
  2. They found a staff login portal and guessed common credentials
  3. After trying “admin/admin,” they tested “123456/123456”, and gained full admin level access to the platform

From there, they uncovered an API vulnerable to IDOR (Insecure Direct Object Reference). By simply changing the value of a lead_id, they could access any applicant’s data, including:

  • Names, email addresses and phone numbers
  • Auth tokens that could be used for impersonation

Technical Failures

  • Default Admin Credentials – The infamous 123456 password had remained active in production since 2019. There was no MFA, no lockout policy, and no alerting for suspicious logins
  • Insecure API Design (IDOR) – The backend API used numeric identifiers (lead_id) with no authorization checks. This allowed an attacker to enumerate through millions of records
  • Lack of Monitoring – There was no evidence the platform had caught this unauthorized access until the researchers disclosed it. highlighting gaps in logging, alerting, and incident response

What Happened After Disclosure?

  • On June 30, the researchers responsibly disclosed the issue to Paradox.ai and McDonald’s
  • By July 1, the credentials were revoked and the IDOR vulnerability patched
  • Paradox.ai announced plans to launch a bug bounty program and improve its security contact process

Why This Matters for AI & NHI Security

Olivia, like many AI systems, is a non-human identity, an autonomous agent operating on behalf of a brand. But unlike human users, NHIs often lack lifecycle governance, credential hygiene, or ownership.

In this case:

  • The AI chatbot was handling high volumes of sensitive data
  • It was interacting autonomously with users across McDonald’s franchise network
  • It was part of a system with privileged backend access but no modern security controls

This incident proves that non-human identities are critical assets in your security model and must be governed, monitored, and protected.

Recommendations

  • Scan for hardcoded or default credentials across environments
  • Enforce strong password policies and credential rotation
  • Use password managers or secret vaults for all credentials
  • Assign clear ownership and lifecycle management for every non-human identity
  • Implement role-based access control (RBAC) and least privileges for all NHIs
  • Encrypt sensitive data both at rest and in transit
  • Use short-lived secrets with limited scope and clear expiration policies
  • Log all access to sensitive systems, especially from NHIs

Conclusion

The McHire incident highlights how even simple oversights. Like default credentials and insecure APIs can lead to massive data exposure. As AI and automation become central to business operations, securing non-human identities is no longer optional. Governance, visibility and lifecycle controls must apply to every system.