Pro@programming.dev to Technology@programming.dev · English · 11 days ago (edited)

McDonald’s AI Hiring Bot exposed 64 Million McDonald’s job applications to security researchers Who Tried the Password ‘123456’

ian.sh

Would you like an IDOR with that? Leaking 64 million McDonald’s job applications
When applying for a job at McDonald's, over 90% of franchises use "Olivia," an AI-powered chatbot. We discovered a vulnerability that could allow an attacker to access more than 64 million job applications. This data includes applicants' names, resumes, email addresses, phone numbers, and personality test results.
  • Honse@lemmy.dbzer0.com · English · ↑ 45 · 11 days ago

    McSecurity

  • chemical_cutthroat@lemmy.world · English · ↑ 41 · 11 days ago

    That’s the stupidest combination I’ve ever heard in my life! That’s the kinda thing an idiot would have on his luggage!

  • Tronn4@lemmy.world · English · ↑ 31 · 11 days ago

  • zzz711@sh.itjust.works · English · ↑ 20 · 11 days ago

    Here’s a crazy idea: maybe you shouldn’t require applicants to create an account just to apply for a job. Lord knows how many Workday accounts I’ve created.

    • TechLich@lemmy.world · English · ↑ 10 ↓ 1 · 11 days ago

      Agreed, but it’s not the applicants’ accounts that were compromised.

      That’s the password for the admin panel that lets you see every single application and all their conversations with the stupid hiring bot. An order of magnitude more silly.

    • AlecSadler@lemmy.blahaj.zone · English · ↑ 8 · 10 days ago

      Fuck workday.

    • CaffeinatedCubits@programming.dev · English · ↑ 1 · 9 days ago

      I quit applying for jobs if they use Workday.

  • Øπ3ŕ@lemmy.dbzer0.com · English · ↑ 13 · 11 days ago

    Mel Brooks has entered the chat

  • schwimmender@feddit.org · English · ↑ 12 · 10 days ago

    > Unfortunately, no disclosure contacts were publicly available and we had to resort to emailing random people. The Paradox.ai security page just says that we do not have to worry about security!

    Lol, reading that as someone who wants to disclose a vulnerability must be frustrating.

    • Miaou@jlai.lu · English · ↑ 1 · 9 days ago (edited)

      The website says “We worry about security, so you don’t have to.” (aka some corporate speak) and then links to the company’s security@whatever email so this comment from the article author is in extremely bad faith.

      • ulterno@programming.dev · English · ↑ 2 · 5 days ago (edited)

        > then links to the company’s security@whatever email

        It didn’t on 2nd June so I’d say that’s not the case.
        Web pages change.

  • stupidcasey@lemmy.world · English · ↑ 9 · 11 days ago

    Glad they’re smarter than me, I would have stopped at 12345

    • /home/pineapplelover@lemmy.dbzer0.com · English · ↑ 1 · 10 days ago

      I wonder what other logins they tried

  • /home/pineapplelover@lemmy.dbzer0.com · English · ↑ 5 · 10 days ago

    Lmao they called it the Mchire

    • jqubed@lemmy.world · English · ↑ 3 · 10 days ago

      I’ve seen hiring ads referring to them as McJobs

  • SaltSong@startrek.website · English · ↑ 2 · 11 days ago

    If anyone wanted this information, they could just post a bogus job, and people will just send them the data.

  • HugeNerd@lemmy.ca · English · ↑ 2 ↓ 2 · 11 days ago

    Anyone still worried about AI taking over the world and killing all the humans?
