this post was submitted on 09 Jul 2025

295 points (100.0% liked)

Technology

247 readers

164 users here now

Share interesting Technology news and links.

Rules:

No paywalled sites at all.
News articles has to be recent, not older than 2 weeks (14 days).
No videos.
Post only direct links.

To encourage more original sources and keep this space commercial free as much as I could, the following websites are Blacklisted:

Al Jazeera.
NBC.
CNBC.
Substack.
Tom's Hardware.
ZDNet.
TechSpot.
Ars Technica.
Vox Media outlets, with exception for Axios(Due to being ad free.)
Engadget.
TechCrunch.
Gizmodo.
Futurism.
PCWorld.
ComputerWorld.
Mashable.

More sites will be added to the blacklist as needed.

Encouraged:

Archive links in the body of the post.
Linking to the direct source, instead of linking to an article talking about the source.

founded 2 months ago

MODERATORS

Pro@programming.dev

295

McDonald’s AI Hiring Bot exposed 64 Million McDonald’s job applications to security researchers Who Tried the Password ‘123456’ (ian.sh)

submitted 1 week ago* (last edited 1 week ago) by Pro@programming.dev to c/Technology@programming.dev

17 comments fedilink hide all child comments

top 17 comments

sorted by: hot top controversial new old

[–] Honse@lemmy.dbzer0.com 45 points 1 week ago

McSecurity

[–] chemical_cutthroat@lemmy.world 41 points 1 week ago

That's the stupidest combination I've ever heard in my life! That's the kinda thing an idiot would have on his luggage!

[–] Tronn4@lemmy.world 31 points 1 week ago

[–] zzz711@sh.itjust.works 20 points 1 week ago (3 children)

Here's a crazy idea maybe you shouldn't require applicants to create an account just to apply for a job. Lord knows how many workday accounts I've created.

[–] TechLich@lemmy.world 9 points 1 week ago

Agreed, but it's not the applicants' accounts that was compromised.

That's the password for the admin panel that lets you see every single application and all their conversations with the stupid hiring bot. An order of magnitude more silly.

[–] AlecSadler@lemmy.blahaj.zone 8 points 1 week ago

Fuck workday.

[–] CaffeinatedCubits@programming.dev 1 points 1 week ago

I quit applying for jobs if they use workday

[–] otter@lemmy.dbzer0.com 13 points 1 week ago

Mel Brooks has entered the chat

[–] schwimmender@feddit.org 12 points 1 week ago (1 children)

Unfortunately, no disclosure contacts were publicly available and we had to resort to emailing random people. The Paradox.ai security page just says that we do not have to worry about security!

Lol, reading that as someone who wants to disclose a vulnerability must be frustrating.

[–] Miaou@jlai.lu 1 points 1 week ago* (last edited 1 week ago) (1 children)

The website says "We worry about security, so you don't have to." (aka some corporate speak) and then links to the company's security@whatever email so this comment from the article author is in extremely bad faith.

[–] ulterno@programming.dev 2 points 3 days ago* (last edited 3 days ago)

then links to the company’s security@whatever email

It didn't on 2nd June so I'd say that's not the case.
Web pages change.

[–] stupidcasey@lemmy.world 9 points 1 week ago (1 children)

Glad there smarter than me, I would have stopped at 12345

[–] pineapplelover@lemmy.dbzer0.com 1 points 1 week ago

I wonder what other logins they tried

[–] pineapplelover@lemmy.dbzer0.com 5 points 1 week ago (1 children)

Lmao they called it the Mchire

[–] jqubed@lemmy.world 3 points 1 week ago

I’ve seen hiring ads referring to them as McJobs

[–] SaltSong@startrek.website 2 points 1 week ago

If anyone wanted this information, they could just post a bogus job, and people will just send them the data.

[–] HugeNerd@lemmy.ca 0 points 1 week ago

Anyone still worried about AI taking over the world and killing all the humans?