Sunday, March 15, 2026

McDonald’s AI Hiring Bot Exposed Millions of Applicants’ Data to Hackers Who Tried the Password “123456”


If you want to work at McDonald’s today, there is a good chance that you will have to talk to Olivia. Olivia is not a human being but an AI chatbot that screens applicants, asks for their contact information and CV, directs them to a personality test, and sometimes makes them “go crazy” by repeatedly failing to understand their most basic questions.

Until last week, the platform that runs the Olivia chatbot, built by the artificial intelligence software company Paradox.ai, also suffered from absurdly basic security flaws. As a result, virtually any hacker could access the records of every chat Olivia had with McDonald’s applicants, including all the personal data they provided in those conversations, with tricks as elementary as guessing usernames and the password “123456”.

On Wednesday, security researchers Ian Carroll and Sam Curry revealed that they had found simple methods of hacking into the backend of the AI chatbot platform on McHire.com, the McDonald’s website that many of its franchisees use to handle job applications. Carroll and Curry, hackers with a long track record of independent security testing, found that elementary web vulnerabilities, including guessing one laughably weak password, allowed them to access a Paradox.ai account and query the company’s database, which held every McHire user’s chat with Olivia. The data appears to include as many as 64 million records, including applicants’ names, email addresses, and phone numbers.

Carroll says he only discovered that terrifying lack of security around applicants’ information because he was intrigued by McDonald’s decision to subject potential new hires to an AI chatbot’s screening and personality test. “I just thought it was quite extremely dystopian compared to the normal employment process, right? And this made me want to look at it,” says Carroll. “So I started to apply for a job, and then after 30 minutes we had full access to virtually every application that was ever submitted to McDonald’s going back years.”

When Wired contacted McDonald’s and Paradox.ai for comment, a spokesman for Paradox.ai shared a blog post the company planned to publish, which confirmed Carroll and Curry’s findings. The company noted that only a fraction of the records Carroll and Curry accessed contained personal data, and said it had verified that the account with the password “123456” that exposed the information “was not accessed by any third party” other than the researchers. The company also added that it is introducing a bug bounty program to better catch vulnerabilities in the future. “We do not take this matter lightly, even though it has been solved quickly and effectively,” Paradox.ai’s Stephanie King told Wired in an interview. “We have it.”

In its own statement to Wired, McDonald’s agreed that Paradox.ai was to blame. “We are disappointed with this unacceptable vulnerability from an external supplier, Paradox.ai. As soon as we found out about it, we ordered Paradox.ai to immediately solve the problem, and it was resolved on the same day it was reported to us,” the statement reads. “We take our commitment to cyber security seriously and will continue to hold our external suppliers accountable for meeting our data protection standards.”
