Basic security flaws left the personal info of tens of millions of McDonald’s job-seekers vulnerable on the “McHire” site built by AI software firm Paradox.ai.
  • Doxatek@mander.xyzEnglish
    27·
    6 days ago

    When I used to work at McDonald’s they required a fingerprint to clock in and out. They then apparently sold everyone’s biometric data. I got some kind of settlement thing but it was like $20 or something. So that was nice… I guess

  • fmstrat@lemmy.nowsci.comEnglish
    44·
    7 days ago

    I hate any company that uses or builds AI to screen out hires so, so much. Tagging metadata is OK, but filtering is just evil (am/have been a hiring manager).

    The company also added that it’s instituting a bug bounty program to better catch security vulnerabilities in the future. “We do not take this matter lightly, even though it was resolved swiftly and effectively,”

    I also hate it more that I can’t hate them for doing the right thing.

    • Gormadt@lemmy.blahaj.zoneEnglish
      7·
      6 days ago

      They only did the right thing after getting caught openly doing the wrong thing, so I’d say I’d still be pissed.

      They should have never put the system in place with such a simple vulnerability (which to me) says they take such a laxodasical approach to security that I wouldn’t trust them even now.

    • Komodo Rodeo@lemmy.worldEnglish
      2·
      6 days ago

      Speak for yourself, I’m holding out hope that the universe is actually a little fair, and that the dolt responsible to creating that password, and subsequently fucking over millions of people has their testicles ruptured. Who are these idiots?

  • SolarBoy@slrpnk.netEnglish
    19·
    6 days ago

    In the future, actual hacking will just involve social engineering corporate ai systems ( aka prompt hijacking )

  • Komodo Rodeo@lemmy.worldEnglish
    18·
    6 days ago

    “Spaceballs: the HR Robot”

    Seriously though, who the fuck uses 123456 as the password for anything? The morons pulling shit like this are making bank while the people brought onboard by McDonalds make scratch by comparison, and would be crucified for fucking up even a fraction as much as this. Millions, with six zeroes, millions of applicants’ data stolen from an account with the kind of password that a kid would use on their home computer. Fuck, this makes me so mad, the sheer incompetence.

    • Sturgist@lemmy.caEnglish
      5·
      5 days ago

      The bitlocker code for the desktop I sometimes use at work is 123456789. I asked IT who was the idiot that decided that was a good idea. The CTO apparently.

    • Asidonhopo@lemmy.worldEnglish
      2·
      5 days ago

      You just know new hires there must have to watch some anodyne video about data security that mentions secure passwords too.

    • drunkpostdisaster@lemmy.worldEnglish
      3·
      6 days ago

      I did something kinda similar when I applied. Why put effort into remembering a new password when I was only going to use it once to fill out a job ap? Wants anyone even going to do with my account?

      • Komodo Rodeo@lemmy.worldEnglish
        7·
        6 days ago

        Goddamn it man, not the user account password, the fucking admin account password. Did you even read the article? Every single user account’s information was compromised, not one random jerk with 123456 for their password.

        • piranhaconda@mander.xyzEnglish
          3·
          6 days ago

          Not the person you were responding to, but… Did I read the article stuck behind a paywall? No, no I did not

          Edit: ah I see the non paywall link now

  • bigredcar@lemmy.worldEnglish
    13·
    6 days ago

    Why do you even need a hiring bot for McDonalds? Maybe for managers but a McJob is a McJob.

    • dick_fineman@discuss.onlineEnglish
      14·
      6 days ago

      I help folks with disabilities get jobs, so I’m familiar. I generally avoid fast food for my people, because it’s degrading and no one really wants a McJob. That being said, the bot actually makes it easier to apply, and they immediately schedule an interview…because they don’t care what your resume says and they just need warm bodies to throw at angry customers. Again, I avoid it for my folks wherever possible.

  • Tikiporch@lemmy.worldEnglish
    12·
    7 days ago

    A lot of companies use Paradox. They shit canned all their HR down to the bare bones and hired Olivia, which the Paradox recruiter I worked with said is so bad he has to take over answering in chat half the time.

  • vane@lemmy.worldEnglish
    2·
    6 days ago

    Paradox.ai’s chief legal officer, Stephanie King, told WIRED in an interview. “We own this.”

    I didn’t know Stephen King changed gender and is working for AI company.

    • Lost_My_Mind@lemmy.worldEnglish
      22·
      7 days ago

      ETA? Estimated Time of Arrival?

      One of us doesn’t know what that stands for. I feel like the time my grandpa died, and mom sent me an email telling me “We’re going to the funeral this Friday to pay respects to grandpa. LOL!”

      I was quite confused. Turns out she grew up with “Lots Of Love”. For a second she seemed like she turned into an absolute psychopath, for like…no reason.

      • spizzat2@lemmy.zipEnglish
        38·
        7 days ago

        ETA? Estimated Time of Arrival?

        In this context, it means “Edited To Add”. I do wish they abbreviated it some other way, since “Estimated Time of Arrival” is a much more common meaning. I would accept “E2A” or something stupid, as long as it was more unique. Alternatively, they could just use “Edit:”.

        Edit: added link.

      • tate@lemmy.sdf.orgEnglish
        4·
        6 days ago

        ETA = Edit to add

        Just trying to explain why my comment changed, in case anyone saw it before that LOL.

    • Jolteon@lemmy.zipEnglish
      52·
      7 days ago

      I don’t think you were quite grasping the scope the McDonald’s operates at. That’s only a couple hundred per location, and fast food restaurants tend to have extremely high turnover, so that’s definitely not an unrealistic number.

    • Dave@lemmy.nzEnglish
      10·
      7 days ago

      They have over 40k locations. Many are 24/7. They also surely churn through employees, have many part time employees, and probably get many more applicants than they hire.

      The employees will be hired by the franchisees but they still use the McDonalds software.

      Millions is not a surprise to me at all. Perhaps that it’s tens of millions is a little surprising, but it still seems within the realm of possibility.

    • Dudewitbow@lemmy.zipEnglish
      5·
      7 days ago

      i mean there’s a shit ton of unskilled labor out there whose vertical reach isn’t that great.