July 11, 2025 // Vulnerability | #Weak Password #IDOR #Paradox.ai

McDonald’s AI Chatbot Breach Exposes 64 Million Records - Cyber Magazine

Security researchers gained unauthorized administrative access to Paradox.ai's McHire platform by exploiting a decommissioned test account with weak credentials: "123456" as both username and password. This initial compromise exposed 64 million job applicant records and subsequently revealed a second vulnerability, an Insecure Direct Object Reference (IDOR), which allowed further access to candidate chat logs and contact information.

