McDonald's Exposed 64 Million Job Applicants. The Password Was "123456." Here's What That Means for Your Business.
Case Study AI Security May 2026 · 7 min read Security researchers spent 30 minutes reviewing McDonald's AI hiring chatbot. They typed "123456" into the admin login. It worked. They now had access to 64 million job applications — names, addresses, phone numbers, chat transcripts, personality test results. This wasn't a sophisticated attack. It was the most predictable failure in security. And it's happening in small businesses every day. Ian Carroll had been using McDonald's AI hiring chatbot — a system called McHire, built by Paradox.ai, featuring an AI recruiter named "Olivia" — when he noticed something odd about the platform's backend. He mentioned it to fellow researcher Sam Curry. Together they spent about 30 minutes looking around. At some point one of them tried the most obvious thing possible. They typed "123456" as the username and "123456" as the passwo...