Basic security flaws left the personal info of tens of millions of McDonald’s job-seekers vulnerable on the “McHire” site built by AI software firm Paradox.ai.
  • Komodo Rodeo@lemmy.worldEnglish
    17·
    7 days ago

    “Spaceballs: the HR Robot”

    Seriously though, who the fuck uses 123456 as the password for anything? The morons pulling shit like this are making bank while the people brought onboard by McDonalds make scratch by comparison, and would be crucified for fucking up even a fraction as much as this. Millions, with six zeroes, millions of applicants’ data stolen from an account with the kind of password that a kid would use on their home computer. Fuck, this makes me so mad, the sheer incompetence.

    • Sturgist@lemmy.caEnglish
      5·
      6 days ago

      The bitlocker code for the desktop I sometimes use at work is 123456789. I asked IT who was the idiot that decided that was a good idea. The CTO apparently.

    • Asidonhopo@lemmy.worldEnglish
      2·
      6 days ago

      You just know new hires there must have to watch some anodyne video about data security that mentions secure passwords too.

    • drunkpostdisaster@lemmy.worldEnglish
      23·
      6 days ago

      I did something kinda similar when I applied. Why put effort into remembering a new password when I was only going to use it once to fill out a job ap? Wants anyone even going to do with my account?

      • Komodo Rodeo@lemmy.worldEnglish
        5·
        6 days ago

        Goddamn it man, not the user account password, the fucking admin account password. Did you even read the article? Every single user account’s information was compromised, not one random jerk with 123456 for their password.

  • SolarBoy@slrpnk.netEnglish
    16·
    7 days ago

    In the future, actual hacking will just involve social engineering corporate ai systems ( aka prompt hijacking )

  • bigredcar@lemmy.worldEnglish
    9·
    7 days ago

    Why do you even need a hiring bot for McDonalds? Maybe for managers but a McJob is a McJob.

  • vane@lemmy.worldEnglish
    16·
    7 days ago

    Paradox.ai’s chief legal officer, Stephanie King, told WIRED in an interview. “We own this.”

    I didn’t know Stephen King changed gender and is working for AI company.

    • Chozo@fedia.io
      12·
      7 days ago

      “Hacker” doesn’t always imply one acting with malicious intent.

      • Lost_My_Mind@lemmy.worldEnglish
        7·
        7 days ago

        If the 90s taught me anything, it’s that hacking is done exclusively on monochrome green monitors, with dos. Except once they hack in, the monitor is full color, and somehow has access to every video camera on the planet. With the ability to enhsnce resolution seemingly to magical levels where you can see a clear reflection in someones pupil.

        ENHANCE!!!

    • Armok_the_bunny@lemmy.worldEnglish
      31·
      7 days ago

      The risk is that some unknown hacker discovered this vulnerability and abused it before the researchers discovered and reported it. It sounds like the company has confirmed that didn’t happen, but they aren’t 100% trustworthy in that regard, simply because they might have missed something.

      • Auth@lemmy.worldEnglish
        7·
        7 days ago

        yeah i know the risk, but the headline implies the data was exposed to a hacker who tried the password 123456 but thats not the case. A security researcher was investigating the application and accessed a test application with the password 123456 then found an API call which exposed the data and then he instantly reported it.

  • Tikiporch@lemmy.worldEnglish
    6·
    7 days ago

    A lot of companies use Paradox. They shit canned all their HR down to the bare bones and hired Olivia, which the Paradox recruiter I worked with said is so bad he has to take over answering in chat half the time.