McDonald's AI hiring chatbot exposed millions of applicants' data behind the password 123456

Security researchers found that McHire, the McDonald's hiring chatbot built by Paradox.ai, exposed the personal data of tens of millions of job applicants. An admin account secured with the password 123456 and an insecure API let researchers pull names, contact details, and chat histories.

McDonald's (Paradox.ai McHire) · Incident Jul 9, 2025 · Indexed Jun 3, 2026 · 2 sources

An admin account on the hiring chatbot was protected by the password 123456, exposing tens of millions of applicants.
What · Security researchers found that McHire, the McDonald's hiring chatbot built by Paradox.ai, exposed the personal data of tens of millions of job applicants.
Incident date · Jul 9, 2025
Who · McDonald's (Paradox.ai McHire)
Failure mode · Data Leakage
AI surface · Chatbot
Severity · High

What happened

In July 2025 researchers reported that McHire, McDonald's AI hiring assistant from Paradox.ai, left applicant data exposed: a test admin account used the password 123456, and an insecure API allowed retrieval of personal information and chat transcripts for as many as 64 million applicants. The hole was closed after disclosure.

What broke inside the model

Failure path · mode profile · Data Leakage
  1. Trigger · A request triggers retrieval or context loading.
  2. Model step · The context pulls in another user's content.
  3. Control gap · No boundary enforces isolation at the moment of output.
  4. Failure · Private data crosses into the response.
  5. Consequence · One user sees another's data, and disclosure follows.

One user's content crosses the retrieval boundary into another's response.

The system surfaced data that should have stayed contained: another user's record, a secret, or training data. The failure sits at the boundary between what the model can access and what it should reveal, a boundary that was never enforced at the moment of generation.

Public visibility · High
Regulatory exposure · Possible
Customer impact · Many customers
Financial impact · Estimated
Time to disclosure · Weeks

Up to ~64M applicants' data exposed

  1. Primary · Researcher disclosure: hacking McHire and the Paradox.ai applicant database (ian.sh)
  2. Press · McDonald's AI hiring bot exposed millions of applicants' data to hackers using the password 123456 (Wired, wired.com)
Permalink · https://failureindex.ai/failures/mcdonald-ai-hiring-chatbot-exposed-millions
Citation · AI Failure Index. "McDonald's AI hiring chatbot exposed millions of applicants' data behind the password 123456" (FI-0061). Realm Labs. https://failureindex.ai/failures/mcdonald-ai-hiring-chatbot-exposed-millions (indexed Jun 3, 2026).

Data fields CC-BY 4.0, prose citation permitted. Incident ID FI-0061. Full dataset at /data.

Note from Realm Labs, the Index steward

How Realm would have caught this

Controls for this failure mode
  • Prism
  • OmniGuard
  • AI Detection & Response (AIDR)

Realm can detect when a response is about to emit data that falls outside the bounds of the current user and context, and block or redact it inline, at the moment of generation rather than after the data has left.