Basic security flaws left the personal info of tens of millions of McDonald’s job-seekers vulnerable on the “McHire” site built by AI software firm Paradox.ai.
If the 90s taught me anything, it’s that hacking is done exclusively on monochrome green monitors, with dos. Except once they hack in, the monitor is full color, and somehow has access to every video camera on the planet. With the ability to enhsnce resolution seemingly to magical levels where you can see a clear reflection in someones pupil.
The risk is that some unknown hacker discovered this vulnerability and abused it before the researchers discovered and reported it. It sounds like the company has confirmed that didn’t happen, but they aren’t 100% trustworthy in that regard, simply because they might have missed something.
yeah i know the risk, but the headline implies the data was exposed to a hacker who tried the password 123456 but thats not the case. A security researcher was investigating the application and accessed a test application with the password 123456 then found an API call which exposed the data and then he instantly reported it.
Wasnt it a security researcher and not a hacker?
“Hacker” doesn’t always imply one acting with malicious intent.
If the 90s taught me anything, it’s that hacking is done exclusively on monochrome green monitors, with dos. Except once they hack in, the monitor is full color, and somehow has access to every video camera on the planet. With the ability to enhsnce resolution seemingly to magical levels where you can see a clear reflection in someones pupil.
ENHANCE!!!
Black hoodie and sunglasses in the dark
The risk is that some unknown hacker discovered this vulnerability and abused it before the researchers discovered and reported it. It sounds like the company has confirmed that didn’t happen, but they aren’t 100% trustworthy in that regard, simply because they might have missed something.
yeah i know the risk, but the headline implies the data was exposed to a hacker who tried the password 123456 but thats not the case. A security researcher was investigating the application and accessed a test application with the password 123456 then found an API call which exposed the data and then he instantly reported it.
The difference in terminology is simple…
A legit paycheck.