A security flaw in McHire allowed access to sensitive applicant data via default admin credentials and a vulnerable API. The issue was patched swiftly after disclosure.
A security oversight in McDonald’s AI-powered hiring platform “McHire” was found exposing sensitive applicant data belonging to as many as 64 million job seekers.
Discovered in late June 2025 by security researchers Ian Carroll and Sam Curry, the issue was a default admin login and an insecure direct object reference (IDOR) in an...