McDonald’s AI Hiring Bot Exposed Millions of Applicants’ Data to Hackers Who Tried Password ‘123456’… WTF??
Wired is reporting that McDonald’s AI hiring bot “Olivia,” built by AI firm Paradox.ai, exposed millions of applicants’ data to hackers who tried the password ‘123456,’ according to security researcher Ian Carroll. You can read the research here: https://ian.sh/mcdonalds
Darren James, Senior Product Manager at cybersecurity firm Specops Software, commented:
“Even experienced IT developers make mistakes when it comes to passwords. And if these guys make mistakes that put their customers at risk, it’s even more likely that your end users will make the same errors, or make poor password choices, reuse passwords, and not follow best practice at all when it comes to cyber security and hygiene.
As such, organizations need to make sure that they adopt “fit for purpose” password policies wherever they can, to make sure that passwords, or even better passphrases, are simple to use, have not previously been breached, are strong enough for their intended use, and can be detected and acted upon should they become breached. On top of that, companies should use systems that can provide feedback to users to guide them about what is a good password, and wherever possible make use of a strong biometric 2nd factor.
All organizations should not just bury their heads in the sand about this threat. They should act quickly to have a good understanding of where they are right now when it comes to their password security posture.”
It is pretty stunning that an organization would use such a craptastic password. What this proves is that the bad guys don’t need any skill to pwn you, because poor choices let you pwn yourself.
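As an added illustration (not code from the article, from Specops, or from Paradox.ai), here is a small Python password-policy check that enforces two of the points in the quote above: reject anything shorter than an assumed minimum length, and reject anything already seen in breach data, using a k-anonymity range lookup so the full password hash never leaves the client. The breached-password list, the MIN_LENGTH value and the range_lookup function are constructed for this example and stand in for a real breach corpus and its range API.

```python
import hashlib
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed stand-in for a breached-password corpus. A real deployment would
# use the full Pwned Passwords data set (or an offline copy); these entries are
# here only so the example runs without network access.
CONSTRUCTED_BREACHED_PASSWORDS = [
    "123456", "password", "123456789", "qwerty", "Password1!",
    "letmein", "welcome1", "admin123", "123456",
]

MIN_LENGTH = 12  # assumed policy value, not from the article


def sha1_hex(password: str) -> str:
    """Uppercase hex SHA-1 of the password, the key used by range lookups."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


# "Server" side: breached hashes indexed by their first five hex characters,
# each bucket mapping hash suffix -> number of times it was seen in breaches.
_RANGE_INDEX: dict[str, dict[str, int]] = defaultdict(dict)
for _pw in CONSTRUCTED_BREACHED_PASSWORDS:
    _digest = sha1_hex(_pw)
    _bucket = _RANGE_INDEX[_digest[:5]]
    _bucket[_digest[5:]] = _bucket.get(_digest[5:], 0) + 1

# Every prefix the "server" has been asked for; lets a caller verify that the
# full hash never leaves the client.
RANGE_QUERIES: list[str] = []


def range_lookup(prefix: str) -> dict[str, int]:
    """Simulated k-anonymity range endpoint: five hex chars in, suffix->count out."""
    if len(prefix) != 5 or any(c not in "0123456789ABCDEF" for c in prefix):
        raise ValueError("range queries take exactly five uppercase hex characters")
    RANGE_QUERIES.append(prefix)
    return dict(_RANGE_INDEX.get(prefix, {}))


def breach_count(password: str) -> int:
    """Client side: send only the hash prefix, then match the suffix locally."""
    digest = sha1_hex(password)
    return range_lookup(digest[:5]).get(digest[5:], 0)


@dataclass
class PolicyResult:
    accepted: bool
    feedback: list[str] = field(default_factory=list)


def evaluate_password(password: str) -> PolicyResult:
    """Apply the policy and return user-facing feedback for every failed rule."""
    feedback: list[str] = []
    if len(password) < MIN_LENGTH:
        feedback.append(
            f"Use at least {MIN_LENGTH} characters; a passphrase of several "
            "unrelated words is easiest to remember."
        )
    seen = breach_count(password)
    if seen:
        feedback.append(
            f"This password appears {seen} time(s) in known breach data and "
            "will be among the first guesses an attacker tries; choose another."
        )
    return PolicyResult(accepted=not feedback, feedback=feedback)


if __name__ == "__main__":
    for candidate in ["123456", "Password1!", "orange tractor quietly hums at dawn"]:
        result = evaluate_password(candidate)
        verdict = "accepted" if result.accepted else "rejected"
        print(f"{candidate!r}: {verdict}")
        for line in result.feedback:
            print("  -", line)
```

In production the constructed range_lookup would be swapped for the real Pwned Passwords range API or an offline copy of the data, and the same check should run at every password change and be repeated against updated breach data so a password that is exposed later is caught rather than only one that was already known at enrollment.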
This entry was posted on July 10, 2025 at 4:34 pm and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.