Paywall removed: archive.ph/sn2Ud
“Hacker” when the password could be guessed by an elementary student. Jfc.
McDonald’s AI Hiring Bot Exposed Millions of Applicants’ Data to Hackers Who Tried the Password ‘123456’
Submitted 3 weeks ago by return2ozma@lemmy.world to technology@lemmy.world
https://www.wired.com/story/mcdonalds-ai-hiring-chat-bot-paradoxai/
Comments
naticus@lemmy.world 3 weeks ago
PattyMcB@lemmy.world 3 weeks ago
Pool on the roof must have a leak
altphoto@lemmy.today 3 weeks ago
cybervseas@lemmy.world 3 weeks ago
12345? Amazing, I have the same combination on my luggage!
Jimmycakes@lemmy.world 3 weeks ago
No.
This is completely different and unhackable. 12345…6!
SunshineJogger@feddit.org 3 weeks ago
“hackers”…
explodicle@sh.itjust.works 3 weeks ago
Back in my day all the social engineering was done to humans.
friend_of_satan@lemmy.world 3 weeks ago
Love, secret, sex, and god.
darthmachina@sh.itjust.works 3 weeks ago
The greatest hackers of all time: Crash Override and Acid Burn.
fmstrat@lemmy.nowsci.com 3 weeks ago
I hate any company that uses or builds AI to screen out hires so, so much. Tagging metadata is OK, but filtering is just evil (am/have been a hiring manager).
The company also added that it’s instituting a bug bounty program to better catch security vulnerabilities in the future. “We do not take this matter lightly, even though it was resolved swiftly and effectively,”
I also hate it more that I can’t hate them for doing the right thing.
Gormadt@lemmy.blahaj.zone 3 weeks ago
They only did the right thing after getting caught openly doing the wrong thing, so I’d say I’d still be pissed.
They should have never put the system in place with such a simple vulnerability (which to me) says they take such a laxodasical approach to security that I wouldn’t trust them even now.
TrojanRoomCoffeePot@lemmy.world 3 weeks ago
Speak for yourself, I’m holding out hope that the universe is actually a little fair, and that the dolt responsible to creating that password, and subsequently fucking over millions of people has their testicles ruptured. Who are these idiots?
tate@lemmy.sdf.org 3 weeks ago
McDonalds gets millions of applications? wtf?
Jolteon@lemmy.zip 3 weeks ago
I don’t think you were quite grasping the scope the McDonald’s operates at. That’s only a couple hundred per location, and fast food restaurants tend to have extremely high turnover, so that’s definitely not an unrealistic number.
Lost_My_Mind@lemmy.world 3 weeks ago
ETA? Estimated Time of Arrival?
One of us doesn’t know what that stands for. I feel like the time my grandpa died, and mom sent me an email telling me “We’re going to the funeral this Friday to pay respects to grandpa. LOL!”
I was quite confused. Turns out she grew up with “Lots Of Love”. For a second she seemed like she turned into an absolute psychopath, for like…no reason.
spizzat2@lemmy.zip 3 weeks ago
ETA? Estimated Time of Arrival?
In this context, it means “Edited To Add”. I do wish they abbreviated it some other way, since “Estimated Time of Arrival” is a much more common meaning. I would accept “E2A” or something stupid, as long as it was more unique. Alternatively, they could just use “Edit:”.
tate@lemmy.sdf.org 3 weeks ago
ETA = Edit to add
Just trying to explain why my comment changed, in case anyone saw it before that LOL.
Dave@lemmy.nz 3 weeks ago
They have over 40k locations. Many are 24/7. They also surely churn through employees, have many part time employees, and probably get many more applicants than they hire.
The employees will be hired by the franchisees but they still use the McDonalds software.
Millions is not a surprise to me at all. Perhaps that it’s tens of millions is a little surprising, but it still seems within the realm of possibility.
Dudewitbow@lemmy.zip 3 weeks ago
i mean there’s a shit ton of unskilled labor out there whose vertical reach isn’t that great.
Lost_My_Mind@lemmy.world 3 weeks ago
What does their basketball skills have to do with this?
/s
just_another_person@lemmy.world 3 weeks ago
They pay well everywhere but the US.
barnaclebutt@lemmy.world 3 weeks ago
I’m so lucky that my password is hunter2
scholar@lemmy.world 3 weeks ago
All I see is *******?
bfg9k@lemmy.world 3 weeks ago
That’s cause I copied your password but it shows up as *******
See: hunter2
ipitco@lemmybefree.net 3 weeks ago
I forgot what it was referring to and searched a bit
drunkpostdisaster@lemmy.world 3 weeks ago
ah… classic.
Fuck i am old.
Imgonnatrythis@sh.itjust.works 3 weeks ago
I don’t know why you are getting so many upvotes for being a liar. Tried it on Lemmy.world and it doesn’t work. I even tried it with a capital H.
Doxatek@mander.xyz 3 weeks ago
When I used to work at McDonald’s they required a fingerprint to clock in and out. They then apparently sold everyone’s biometric data. I got some kind of settlement thing but it was like $20 or something. So that was nice… I guess
SnortsGarlicPowder@lemmy.zip 3 weeks ago
If the class action I found online is the same one. My old shitty job tried to implement biometrics and dropped it around the time of that class action. What a coincidence. So thanks?
Doxatek@mander.xyz 3 weeks ago
You’re welcome. I am glad to lose my fingerprint data for assistance of a friend
sugar_in_your_tea@sh.itjust.works 3 weeks ago
Sweet, now you can buy a big mac or a happy meal! Not both though…
Doxatek@mander.xyz 3 weeks ago
Maybe the happy meal then. :')
SolarBoy@slrpnk.net 3 weeks ago
In the future, actual hacking will just involve social engineering corporate ai systems ( aka prompt hijacking )
tonytins@pawb.social 3 weeks ago
TrojanRoomCoffeePot@lemmy.world 3 weeks ago
“Spaceballs: the HR Robot”
Seriously though, who the fuck uses 123456 as the password for anything? The morons pulling shit like this are making bank while the people brought onboard by McDonalds make scratch by comparison, and would be crucified for fucking up even a fraction as much as this. Millions, with six zeroes, millions of applicants’ data stolen from an account with the kind of password that a kid would use on their home computer. Fuck, this makes me so mad, the sheer incompetence.
Sturgist@lemmy.ca 3 weeks ago
The bitlocker code for the desktop I sometimes use at work is 123456789. I asked IT who was the idiot that decided that was a good idea. The CTO apparently.
drunkpostdisaster@lemmy.world 3 weeks ago
I did something kinda similar when I applied. Why put effort into remembering a new password when I was only going to use it once to fill out a job ap?
TrojanRoomCoffeePot@lemmy.world 3 weeks ago
Goddamn it man, not the user account password, the fucking admin account password. Did you even read the article? Every single user account’s information was compromised, not one randoms jerk with 123456 for their password.
Asidonhopo@lemmy.world 3 weeks ago
You just know new hires there must have to watch some anodyne video about data security that mentions secure passwords too.
bigredcar@lemmy.world 3 weeks ago
Why do you even need a hiring bot for McDonalds? Maybe for managers but a McJob is a McJob.
dick_fineman@discuss.online 3 weeks ago
I help folks with disabilities get jobs, so I’m familiar. I generally avoid fast food for my people, because it’s degrading and no one really wants a McJob. That being said, the bot actually makes it easier to apply, and they immediately schedule an interview…because they don’t care what your resume says and they just need warm bodies to throw at angry customers. Again, I avoid it for my folks wherever possible.
Tikiporch@lemmy.world 3 weeks ago
A lot of companies use Paradox. They shit canned all their HR down to the bare bones and hired Olivia, which the Paradox recruiter I worked with said is so bad he has to take over answering in chat half the time.
Auth@lemmy.world 3 weeks ago
Wasnt it a security researcher and not a hacker?
Armok_the_bunny@lemmy.world 3 weeks ago
The risk is that some unknown hacker discovered this vulnerability and abused it before the researchers discovered and reported it. It sounds like the company has confirmed that didn’t happen, but they aren’t 100% trustworthy in that regard, simply because they might have missed something.
Auth@lemmy.world 3 weeks ago
yeah i know the risk, but the headline implies the data was exposed to a hacker who tried the password 123456 but thats not the case. A security researcher was investigating the application and accessed a test application with the password 123456 then found an API call which exposed the data and then he instantly reported it.
SheeEttin@lemmy.zip 3 weeks ago
WhatsHerBucket@lemmy.world 3 weeks ago
The difference in terminology is simple…
A legit paycheck.
bitjunkie@lemmy.world 3 weeks ago
“Hackers”
vane@lemmy.world 3 weeks ago
Paradox.ai’s chief legal officer, Stephanie King, told WIRED in an interview. “We own this.”
I didn’t know Stephen King changed gender and is working for company AI now.
dhork@lemmy.world 3 weeks ago
I guess I need to change the password on my luggage
FancyPantsFIRE@lemmy.world 3 weeks ago
Image
PattyMcB@lemmy.world 3 weeks ago
How do I know you’re not making faces at me under that thing?
zr0@lemmy.dbzer0.com 3 weeks ago
Yes. Do that. Thanks to the TSA, I can now open any luggage without traces. Saves a lot of time. Don’t have to enter 123456 anymore.