Introduction
McHire is the chatbot recruitment platform used by 90% of McDonald’s franchisees. Prospective employees chat with a bot named Olivia, created by a company called Paradox.ai, that collects their personal information and shift preferences and administers personality tests. We started looking at it after seeing complaints on Reddit about the bot responding with nonsensical answers.
During a cursory security review lasting a few hours, we identified two serious issues: the McHire administration interface for restaurant owners accepted the default credentials 123456:123456, and an insecure direct object reference (IDOR) on an internal API allowed us to access any contacts and chats we wanted. Together they allowed us, and anyone else with a McHire account and access to any inbox, to retrieve the personal data of more than 64 million applicants.
Applying for a job
We started by applying for a job at our local McDonald’s. McHire has a consumer-facing site at https://jobs.mchire.com/ where it is easy to find available postings near you. We were immediately sent to Olivia, who helped us fill in our email and phone number along with which shifts we could work, and we were instantly moved to the next stage: the personality test!
The personality test was a disturbing experience powered by Traitify.com, where we were asked whether phrases like “enjoys overtime” were Me or Not Me. It was simple to guess that we should probably select Me for the pro-employer questions and Not Me for questions referencing being argumentative or aggressive, but it was still quite strange.
Unfortunately, after this we were stuck without any further progress and appeared to be awaiting human review. We tried to prompt-inject the Olivia chatbot, which likely ruined our chance of a human approving us, but it seemed to be locked to a list of pre-set responses or something similar, and there were no interesting APIs exposed to candidates.
Logging in
We noticed that restaurant owners can log in to view applicants at https://www.mchire.com/signin. Although the app tries to force SSO for McDonald’s, there is a smaller link for “Paradox team members” that caught our eye.
Without much thought, we entered “123456” as the username and “123456” as the password and were surprised to see we were immediately logged in!
It turned out we had become the administrator of a test restaurant inside the McHire system. We could see that all of the restaurant’s “employees” were simply staff of Paradox.ai, the company behind McHire. This was great because we could now see how the app worked, but annoying because we had still not demonstrated any actual confidentiality or integrity impact.
Applying for our job
We decided to apply to one of the test job postings the account had already set up and see what it looked like from the other side. The restaurant can view all of the in-progress conversations with “Olivia” and intervene when a candidate reaches certain stages, such as completing the personality test.
While viewing our test conversations, we noticed an interesting API to fetch candidate information, PUT /api/lead/cem-xhr, which seems to be a reference to proxying to some kind of Customer or Candidate Experience Manager (CEM) via an XHR request. The main parameter of this request was the lead_id of the chat, which for our test applicant was about 64,185,742. We tried decrementing this number and were immediately faced with PII from another McDonald’s applicant (including “unmasked” contact data)!
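As an added example (not code from the original post or from Paradox.ai), this is how a defender could spot the access pattern just described in request logs: a single admin account walking many distinct lead_id values in near-sequential order. The log format, account names and thresholds are constructed for this example.

```python
# Flag admin accounts whose requests to the lead endpoint walk many distinct
# lead_ids in near-sequential order. Log format, users and IDs are constructed.
import re
from collections import defaultdict

LOG_RE = re.compile(
    r'^(?P<ts>\S+) user=(?P<user>\S+) PUT /api/lead/cem-xhr lead_id=(?P<lead_id>\d+)$')

# Constructed sample log: admin-a walks downward through lead_ids, while
# admin-b only looks at the two candidates who applied to their restaurant.
SAMPLE_LOG = """\
2025-06-30T17:01:00Z user=admin-a PUT /api/lead/cem-xhr lead_id=64185742
2025-06-30T17:01:02Z user=admin-a PUT /api/lead/cem-xhr lead_id=64185741
2025-06-30T17:01:03Z user=admin-a PUT /api/lead/cem-xhr lead_id=64185740
2025-06-30T17:01:05Z user=admin-a PUT /api/lead/cem-xhr lead_id=64185739
2025-06-30T17:01:06Z user=admin-a PUT /api/lead/cem-xhr lead_id=64185738
2025-06-30T17:02:00Z user=admin-b PUT /api/lead/cem-xhr lead_id=64190001
2025-06-30T17:02:30Z user=admin-b PUT /api/lead/cem-xhr lead_id=64190001
2025-06-30T17:03:00Z user=admin-b PUT /api/lead/cem-xhr lead_id=64190377
"""

def parse_log(text: str) -> dict[str, list[int]]:
    """Group lead_ids (in request order) by the account that requested them."""
    by_user: dict[str, list[int]] = defaultdict(list)
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            by_user[m["user"]].append(int(m["lead_id"]))
    return by_user

def sequential_ratio(ids: list[int]) -> float:
    """Fraction of consecutive requests whose lead_id differs by exactly 1."""
    if len(ids) < 2:
        return 0.0
    steps = sum(1 for a, b in zip(ids, ids[1:]) if abs(b - a) == 1)
    return steps / (len(ids) - 1)

def find_enumerators(text: str, min_distinct: int = 5, min_ratio: float = 0.8) -> list[str]:
    """Accounts touching at least min_distinct lead_ids with a mostly sequential
    walk. The thresholds are illustrative and need tuning per tenant."""
    flagged = []
    for user, ids in parse_log(text).items():
        if len(set(ids)) >= min_distinct and sequential_ratio(ids) >= min_ratio:
            flagged.append(user)
    return sorted(flagged)
```

A real deployment would additionally compare each requested lead_id against the restaurant the account belongs to, since a legitimate admin has no reason to touch leads outside it.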
We quickly realized this API allowed us to access the chat history of everyone who has ever applied for a job at McDonald’s through McHire. The information returned included:
- Name, email address, phone number, address
- Candidacy state and every state change/form input the candidate had submitted (shifts they could work, etc.)
- An auth token to log into the consumer UI as that user, leaking their raw chat messages and presumably other information
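The root cause is a lookup keyed only on lead_id with no ownership check. The following added example (hypothetical names, not Paradox.ai’s code) shows that pattern beside a tenant-scoped version in which a lead outside the caller’s organisation is indistinguishable from one that does not exist.

```python
# Vulnerable lookup (authenticated but not authorized) beside a tenant-scoped
# one. Lead, Session, LEADS and org_id are hypothetical; data is constructed.
from dataclasses import dataclass

@dataclass(frozen=True)
class Lead:
    lead_id: int
    org_id: int          # restaurant/organisation that owns this candidate
    name: str
    email: str

@dataclass(frozen=True)
class Session:
    user_id: int
    org_id: int          # organisation the logged-in admin belongs to

# Constructed sample data: two leads owned by two different restaurants.
LEADS = {
    1001: Lead(1001, org_id=7, name="A. Applicant", email="a@example.com"),
    1000: Lead(1000, org_id=9, name="B. Applicant", email="b@example.com"),
}

class NotFound(Exception):
    pass

def fetch_lead_vulnerable(session: Session, lead_id: int) -> Lead:
    """Checks that a session exists but never checks ownership, so any valid
    session can read any lead_id. This is the IDOR shape described above."""
    try:
        return LEADS[lead_id]
    except KeyError:
        raise NotFound(lead_id)

def fetch_lead_scoped(session: Session, lead_id: int) -> Lead:
    """Resolves the lead within the caller's organisation. A lead that exists
    but belongs to another org is reported exactly like a missing one, so the
    response does not reveal which IDs are in use."""
    lead = LEADS.get(lead_id)
    if lead is None or lead.org_id != session.org_id:
        raise NotFound(lead_id)
    return lead

def can_read(fetch, session: Session, lead_id: int) -> bool:
    """True if the given fetch function returns the lead for this session."""
    try:
        fetch(session, lead_id)
        return True
    except NotFound:
        return False
```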
We immediately began disclosure of this issue once we realized the potential impact. Unfortunately, no disclosure contacts were publicly available, and we had to resort to emailing random people. The Paradox.ai security page just says that we do not have to worry about security!
After our outreach reached the appropriate people, the Paradox.ai team engaged with us, emphasized that safeguarding candidate and client data was their top priority, promptly remediated the vulnerability, and committed to further reviews to identify and close any remaining avenues of exploitation.
Disclosure
We disclosed this issue to Paradox.ai and McDonald’s at the same time.
- 06/30/2025 5:46PM ET: Disclosed to Paradox.ai and McDonald’s
- 06/30/2025 6:24PM ET: McDonald’s confirms receipt and requests technical details
- 06/30/2025 7:31PM ET: Credentials are no longer usable to access the app
- 07/01/2025 9:44PM ET: Followed up on status
- 07/01/2025 10:18PM ET: Paradox.ai confirms the issues have been resolved
Collaborators
- Ian Carroll (https://twitter.com/iangcarroll)
- Sam Curry (https://twitter.com/samwcyo)