July 11, 2025 // Data Leak | #Default Passwords #Insecure Direct Object Reference #PII

McDonald’s AI hiring tool’s password ‘123456’ exposed data of 64M applicants - csoonline.com

A critical security flaw in McDonald's McHire AI hiring tool combined default '123456' administrative credentials with an Insecure Direct Object Reference (IDOR) vulnerability in an internal API. Together, these weaknesses allowed researchers to access, and could have exposed, sensitive Personally Identifiable Information (PII) for millions of job applicants, including chat histories and contact details.

