McDonald's is under fire after a security lapse exposed data of 64 million job seekers. Researchers discovered a default admin password, '123456,' granted access to McHire's administrative dashboards. This exposed applicant data, including chat logs and contact details. Experts warn the breach highlights the need for robust security, even in AI systems, to prevent potential phishing and social engineering attacks.
Carroll said, “Although the app tries to force single sign-on (SSO) for McDonald’s, there is a smaller link for ‘Paradox team members’ that caught our eye,” as quoted in the report. Carroll revealed that, “Without much thought, we entered ‘123456’ as the password and were surprised to see we were immediately logged in!” as quoted in the report.
Once they got inside, they found something even more troubling: an internal API endpoint allowed applicant data to be fetched using a predictable parameter, according to the report. This insecure direct object reference, or IDOR, meant they could view applicants' personal data: chat transcripts with Olivia, names, email addresses, phone numbers, job application details, and even tokens that could let someone impersonate a candidate, as reported by CSO Online. The issue was discovered after Reddit users began complaining that Olivia was giving strange or nonsensical responses, which led the researchers to take a closer look, according to the report. However, McDonald’s and Paradox.ai (Olivia’s creator) resolved the Olivia issue immediately upon disclosure, reported CSO Online.
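As an added illustration of the IDOR pattern described above (this is not code from McHire, Paradox.ai or the researchers' report; every name, id, token and record below is constructed), here is a minimal applicant lookup in its vulnerable form beside an ownership-checked version, together with the authorization check a defender would run against both:

```python
# Added example, not McHire/Paradox code. Records, ids and tokens are constructed.
from dataclasses import dataclass
from typing import Callable, Iterable, Optional

# Constructed applicant store keyed by a sequential, guessable integer id.
APPLICANTS = {
    1001: {"owner": "cand-a", "org": "store-42", "name": "Applicant A",
           "chat": ["Hi Olivia, I'd like to apply"], "token": "tok-a"},
    1002: {"owner": "cand-b", "org": "store-42", "name": "Applicant B",
           "chat": ["What shifts are available?"], "token": "tok-b"},
    1003: {"owner": "cand-c", "org": "store-77", "name": "Applicant C",
           "chat": [], "token": "tok-c"},
}

@dataclass(frozen=True)
class Session:
    principal: str               # authenticated user id
    role: str                    # "candidate" or "recruiter"
    org: Optional[str] = None    # organisation a recruiter is scoped to

class NotFound(Exception):
    """Raised for missing AND unauthorised ids, so walking ids learns nothing."""

def fetch_applicant_vulnerable(session: Session, applicant_id: int) -> dict:
    # Authenticated, but any caller can walk 1001, 1002, ... and read every
    # record, impersonation token included: the IDOR in the article.
    return APPLICANTS[applicant_id]

def fetch_applicant_hardened(session: Session, applicant_id: int) -> dict:
    record = APPLICANTS.get(applicant_id)
    if record is None:
        raise NotFound
    allowed = (
        (session.role == "candidate" and record["owner"] == session.principal)
        or (session.role == "recruiter" and record["org"] == session.org)
    )
    if not allowed:
        raise NotFound          # identical response to a missing id
    # A read endpoint never returns the impersonation token.
    return {k: v for k, v in record.items() if k != "token"}

def count_readable(fetch: Callable, session: Session, ids: Iterable[int]) -> int:
    """Authorization test: how many records can this session read by id?"""
    readable = 0
    for i in ids:
        try:
            fetch(session, i)
            readable += 1
        except (KeyError, NotFound):
            pass
    return readable
```

Run `count_readable` with a single candidate's session over the id range: the vulnerable lookup returns every record, the hardened one returns only that candidate's own.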
A senior manager for professional services consulting at Black Duck, Aditi Gupta, pointed out that, “The McDonald’s breach confirms that even sophisticated AI systems can be compromised by elementary security oversights,” and added, “The rush to deploy new technology must not compromise basic security principles. Organizations must prioritize fundamental security measures to ensure uncompromised trust in their software, especially for the increasingly regulated, AI-powered world,” as quoted in the report.
Desired Effect's CEO Evan Dornbush highlighted that, “This incident is a prime example of what happens when organizations deploy technology without an understanding of how it works or how it can be operated by untrusted users,” adding that, “With AI systems handling millions of sensitive data points, organizations must invest in understanding and mitigating pre-emergent threats, or they’ll find themselves playing catch-up, with their customers’ trust on the line,” as quoted by the CSO Online report.
However, after the disclosure on June 30, Paradox.ai and McDonald’s acknowledged the vulnerability quickly, and by July 1, default credentials were disabled and the endpoint was secured, according to the report. Paradox.ai also said that it will conduct further security audits, reported CSO Online.
Later, a Paradox staff member wrote on its website, “We are confident that, based on our records, this test account was not accessed by any third party other than the security researchers,” and emphasised that “at no point was candidate information leaked online or made publicly available. Five candidates in total had information viewed because of this incident, and it was only viewed by the security researchers. This incident impacted one organization — no other Paradox clients were impacted,” as quoted by the CSO Online report.
Randolph Barr, chief information security officer at Cequence Security, warned that, “Even though there’s no indication the data has been used maliciously yet, the scale and sensitivity of the exposure could fuel targeted phishing, smishing/vishing, and even social engineering campaigns,” and added that, “Combined with AI tooling, attackers could craft incredibly personalized and convincing threats,” as quoted by CSO Online.
Applicant chat logs, contact details, job application responses, shift preferences, personality test results, and impersonation tokens were accessible.
They used a publicly visible login labeled “Paradox team members” and guessed the default password “123456,” which gave them immediate access.