Basic security flaws left the personal info of tens of millions of McDonald’s job-seekers vulnerable on the “McHire” site built by AI software firm Paradox.ai.
  • Doxatek@mander.xyzEnglish
    19·
    28 days ago

    When I used to work at McDonald’s they required a fingerprint to clock in and out. They then apparently sold everyone’s biometric data. I got some kind of settlement thing but it was like $20 or something. So that was nice… I guess

  • Komodo Rodeo@lemmy.worldEnglish
    12·
    28 days ago

    “Spaceballs: the HR Robot”

    Seriously though, who the fuck uses 123456 as the password for anything? The morons pulling shit like this are making bank while the people brought onboard by McDonalds make scratch by comparison, and would be crucified for fucking up even a fraction as much as this. Millions, with six zeroes, millions of applicants’ data stolen from an account with the kind of password that a kid would use on their home computer. Fuck, this makes me so mad, the sheer incompetence.

    • Sturgist@lemmy.caEnglish
      5·
      27 days ago

      The bitlocker code for the desktop I sometimes use at work is 123456789. I asked IT who was the idiot that decided that was a good idea. The CTO apparently.

    • Asidonhopo@lemmy.worldEnglish
      2·
      27 days ago

      You just know new hires there must have to watch some anodyne video about data security that mentions secure passwords too.

    • drunkpostdisaster@lemmy.worldEnglish
      13·
      28 days ago

      I did something kinda similar when I applied. Why put effort into remembering a new password when I was only going to use it once to fill out a job ap? Wants anyone even going to do with my account?

      • Komodo Rodeo@lemmy.worldEnglish
        5·
        28 days ago

        Goddamn it man, not the user account password, the fucking admin account password. Did you even read the article? Every single user account’s information was compromised, not one random jerk with 123456 for their password.

        • piranhaconda@mander.xyzEnglish
          21·
          28 days ago

          Not the person you were responding to, but… Did I read the article stuck behind a paywall? No, no I did not

          Edit: ah I see the non paywall link now

  • bigredcar@lemmy.worldEnglish
    8·
    28 days ago

    Why do you even need a hiring bot for McDonalds? Maybe for managers but a McJob is a McJob.

  • Tikiporch@lemmy.worldEnglish
    5·
    29 days ago

    A lot of companies use Paradox. They shit canned all their HR down to the bare bones and hired Olivia, which the Paradox recruiter I worked with said is so bad he has to take over answering in chat half the time.

    • Armok_the_bunny@lemmy.worldEnglish
      11·
      29 days ago

      The risk is that some unknown hacker discovered this vulnerability and abused it before the researchers discovered and reported it. It sounds like the company has confirmed that didn’t happen, but they aren’t 100% trustworthy in that regard, simply because they might have missed something.

      • Auth@lemmy.worldEnglish
        5·
        29 days ago

        yeah i know the risk, but the headline implies the data was exposed to a hacker who tried the password 123456 but thats not the case. A security researcher was investigating the application and accessed a test application with the password 123456 then found an API call which exposed the data and then he instantly reported it.

  • vane@lemmy.worldEnglish
    13·
    29 days ago

    Paradox.ai’s chief legal officer, Stephanie King, told WIRED in an interview. “We own this.”

    I didn’t know Stephen King changed gender and is working for AI company.