Basic security flaws left the personal info of tens of millions of McDonald’s job-seekers vulnerable on the “McHire” site built by AI software firm Paradox.ai.
  • Komodo Rodeo@lemmy.worldEnglish
    3·
    8 hours ago

    “Spaceballs: the HR Robot”

    Seriously though, who the fuck uses 123456 as the password for anything? The morons pulling shit like this are making bank while the people brought onboard by McDonalds make scratch by comparison, and would be crucified for fucking up even a fraction as much as this. Millions, with six zeroes, millions of applicants’ data stolen from an account with the kind of password that a kid would use on their home computer. Fuck, this makes me so mad, the sheer incompetence.

    • drunkpostdisaster@lemmy.worldEnglish
      1·
      30 minutes ago

      I did something kinda similar when I applied. Why put effort into remembering a new password when I was only going to use it once to fill out a job ap? Wants anyone even going to do with my account?

  • bigredcar@lemmy.worldEnglish
    10·
    12 hours ago

    Why do you even need a hiring bot for McDonalds? Maybe for managers but a McJob is a McJob.

  • naticus@lemmy.worldEnglish
    581·
    1 day ago

    “Hacker” when the password could be guessed by an elementary student. Jfc.

  • Tikiporch@lemmy.worldEnglish
    6·
    1 day ago

    A lot of companies use Paradox. They shit canned all their HR down to the bare bones and hired Olivia, which the Paradox recruiter I worked with said is so bad he has to take over answering in chat half the time.

  • vane@lemmy.worldEnglish
    26·
    14 hours ago

    Paradox.ai’s chief legal officer, Stephanie King, told WIRED in an interview. “We own this.”

    I didn’t know Stephen King changed gender and is working for AI company.

    • Armok_the_bunny@lemmy.worldEnglish
      11·
      1 day ago

      The risk is that some unknown hacker discovered this vulnerability and abused it before the researchers discovered and reported it. It sounds like the company has confirmed that didn’t happen, but they aren’t 100% trustworthy in that regard, simply because they might have missed something.

      • Auth@lemmy.worldEnglish
        7·
        1 day ago

        yeah i know the risk, but the headline implies the data was exposed to a hacker who tried the password 123456 but thats not the case. A security researcher was investigating the application and accessed a test application with the password 123456 then found an API call which exposed the data and then he instantly reported it.