McDonald’s AI chatbot hacked leaving Aussie job applicants exposed: 'Full access'

6 hours ago 3

Tamika Seeto

Updated Thu, 10 July 2025, 5:24 pm 3 min read

In this article:

McDonald's and Olivia AI chatbot

McDonald's AI chatbot Olivia was hacked by security researchers, who were able to access the data of more than 64 million applicants. (Source: Reddit/Getty)

Australians who applied for jobs at McDonald’s have had their personal information exposed after the company’s AI chatbot was hacked by a simple password. McDonald’s uses an AI chatbot, Olivia, to screen job applicants worldwide, including in Australia.

The Sydney Morning Herald reported that thousands of prospective McDonald's employees in Australia had their personal information compromised by the security breach.

The bot, created by US-based software firm Paradox.ai, screens candidates and asks for information including their resumes, contact information and directs them to a personality test. Last week, security researchers found the platform suffered from basic security flaws.

Security researchers Ian Carroll and Sam Curry revealed they were able to hack into the backend of the AI chatbot platform and access some 64 million records by guessing the administrator’s username and password was ‘123456’.

RELATED

The research was first reported by Wired, with Carroll telling the US tech publication he only discovered the lack of security because he was intrigued by McDonald’s decision to use an AI chatbot to screen potential workers.

“I just thought it was pretty uniquely dystopian compared to a normal hiring process, right? And that's what made me want to look into it more,” Carroll said.

“So I started applying for a job, and then after 30 minutes, we had full access to virtually every application that's ever been made to McDonald's going back years.”

McDonald's Olivia AI chatbot

Prospective McDonald's employees speak with a chatbot named Olivia who collects their personal information, preferences and administers personality tests. (Source: Ian Carroll/Sam Curry)

McDonald’s Australia hires more than 11,000 workers each year and is one of the biggest employers in Australia. McDonald’s said it has hired around 1.3 million Australians nationwide, which is more than 5 per cent of the population.

Paradox.ai confirmed the breach in a blog post on its website and said the security researchers had reached out about the vulnerability on its system.

“We promptly investigated the issue and resolved it within a few hours of being notified,” it said.

The platform said the information “was not accessed by any third party” other than the researchers, and “at no point was any data leaked online or made public”.

It said the personal information of five US-based applicants had been accessed and viewed by the researchers. Names, email addresses, phone numbers and IP addresses from applicants were accessed.

Read Entire Article