Would you like an IDOR with that? Leaking 64 million McDonald’s job applications
ian.sh
When applying for a job at McDonald's, over 90% of franchises use "Olivia," an AI-powered chatbot. We discovered a vulnerability that could allow an attacker to access more than 64 million job applications. This data includes applicants' names, resumes, email addresses, phone numbers, and personality test results.
  • schwimmender@feddit.orgEnglish
    2·
    1 month ago

    Unfortunately, no disclosure contacts were publicly available and we had to resort to emailing random people. The Paradox.ai security page just says that we do not have to worry about security!

    Lol, reading that as someone who wants to disclose a vulnerability must be frustrating.

    • Miaou@jlai.luEnglish
      0·
      1 month ago

      The website says “We worry about security, so you don’t have to.” (aka some corporate speak) and then links to the company’s security@whatever email so this comment from the article author is in extremely bad faith.

      • ulterno@programming.devEnglish
        2·
        1 month ago

        then links to the company’s security@whatever email

        It didn’t on 2nd June so I’d say that’s not the case.
        Web pages change.

  • zzz711@sh.itjust.worksEnglish
    1·
    1 month ago

    Here’s a crazy idea maybe you shouldn’t require applicants to create an account just to apply for a job. Lord knows how many workday accounts I’ve created.