Ronald McDonald has been left a little red-faced, as McDonald's has been hit by a seemingly major data breach that could be down to some dodgy artificial intelligence. Like it or not, AI is in our lives more than ever in 2025. While some are critical of its potential to wipe humanity off the face of the Earth, others are more worried about the immediate dangers of it costing real-life humans their jobs.
We've already seen Microsoft get slammed for letting some 9,000 jobs go while investing $80 billion in AI, while the likes of customer service representatives, data entry inputters, and writers (oh great), are the most at risk of being replaced by AI. Our worries about losing our jobs to artificial intelligence could also also extend to those on hiring teams, with McDonald's seemingly streamlining the process with AI.
After all, one little chatbot can easily sift through thousands of CVs in seconds. As reported by Wired, the fast food giant has accidentally exposed the data of some 64 million applicants thanks to an AI fumble.
Advert
When applying for a job at McDonald's in 2025, you'll likely be greeted by Olivia. Instead of being a friendly face from the hiring team, she's an AI chatbot that asks for your details, takes your résumé, and makes you take a personality test. There were already complaints that Olivia isn't exactly top of her game, apparently driving applicants 'insane' because she can't understand simple instructions.
Researchers have found that Olivia's overlords at Paradox.ai had a major security flaw that was a hacker's goldmine. Apparently, it's as easy as guessing that an administrator account's username as ‘admin’ and password as '123456'. This gives potential bad actors access to every chat Olivia had, meaning some very personal details could've been exposed.
Security researchers Ian Carroll and Sam Curry discovered how easy it was to hack the backend of Olivia on McHire.com, noting there were several web-based vulnerabilities that included "one laughably weak password." Up to 64 million records were there, including the names of applicants, their email addresses, and phone numbers.
Carroll says he only looked into things when he noticed that McDonald's was trying to AI-ify its hiring process: "I just thought it was pretty uniquely dystopian compared to a normal hiring process, right? And that's what made me want to look into it more.
Advert
"So I started applying for a job, and then after 30 minutes, we had full access to virtually every application that's ever been made to McDonald's going back years."
Advert
Paradox.ai directed wired to a blog post about Carroll and Curry’s hack, confirming a security update but reassuring us that the information "was not accessed by any third party” other than the pair.
Paradox.ai’s chief legal officer, Stephanie King, told Wired: "We do not take this matter lightly, even though it was resolved swiftly and effectively. We own this."
McDonald's also responded and kept the blame on Paradox as it wrote: "We’re disappointed by this unacceptable vulnerability from a third-party provider, Paradox.ai. As soon as we learned of the issue, we mandated Paradox.ai to remediate the issue immediately, and it was resolved on the same day it was reported to us.
"We take our commitment to cyber security seriously and will continue to hold our third-party providers accountable to meeting our standards of data protection.”
Advert
Even though it's not the most sensitive information, Curry concluded: "Had someone exploited this, the phishing risk would have actually been massive. It's not just people's personally identifiable information and résumés. It's that information for people who are looking for a job at McDonald's, people who are eager and waiting for emails back."