🪦

Vibe Graveyard

Back to Graveyard

McDonald's AI hiring chatbot left open by '123456' default credentials

Tombstone icon
Jun 2025

Researchers accessed McHire's admin with default '123456' credentials and an IDOR, exposing up to 64 million applicant records before Paradox.ai patched the issues after disclosure.

Incident Details

Perpetrator:Vendor/Developer
Severity:Facepalm
Blast Radius:Up to 64M applicant records exposed; vendor patched; reputational risk.