this post was submitted on 09 Jul 2025

295 points (100.0% liked)

Technology

343 readers

320 users here now

Share interesting Technology news and links.

Rules:

No paywalled sites at all.
News articles has to be recent, not older than 2 weeks (14 days).
No videos.
Post only direct links.

To encourage more original sources and keep this space commercial free as much as I could, the following websites are Blacklisted:

Al Jazeera;
NBC;
CNBC;
Substack;
Tom's Hardware;
ZDNet;
TechSpot;
Ars Technica;
Vox Media outlets, with exception for Axios;
Engadget;
TechCrunch;
Gizmodo;
Futurism;
PCWorld;
ComputerWorld;
Mashable;
Hackaday;
WCCFTECH;
Neowin.

More sites will be added to the blacklist as needed.

Encouraged:

Archive links in the body of the post.
Linking to the direct source, instead of linking to an article talking about the source.

founded 3 months ago

MODERATORS

Pro@programming.dev

295

McDonald’s AI Hiring Bot exposed 64 Million McDonald’s job applications to security researchers Who Tried the Password ‘123456’ (ian.sh)

submitted 1 month ago* (last edited 1 month ago) by Pro@programming.dev to c/Technology@programming.dev

17 comments fedilink hide all child comments

top 17 comments

sorted by: hot top controversial new old

[–] Honse@lemmy.dbzer0.com 45 points 1 month ago

McSecurity

[–] chemical_cutthroat@lemmy.world 41 points 1 month ago

That's the stupidest combination I've ever heard in my life! That's the kinda thing an idiot would have on his luggage!

[–] Tronn4@lemmy.world 31 points 1 month ago

[–] zzz711@sh.itjust.works 20 points 1 month ago (3 children)

Here's a crazy idea maybe you shouldn't require applicants to create an account just to apply for a job. Lord knows how many workday accounts I've created.

[–] TechLich@lemmy.world 9 points 1 month ago

Agreed, but it's not the applicants' accounts that was compromised.

That's the password for the admin panel that lets you see every single application and all their conversations with the stupid hiring bot. An order of magnitude more silly.

[–] AlecSadler@lemmy.blahaj.zone 8 points 1 month ago

Fuck workday.

[–] CaffeinatedCubits@programming.dev 1 points 1 month ago

I quit applying for jobs if they use workday

[–] otter@lemmy.dbzer0.com 13 points 1 month ago

Mel Brooks has entered the chat

[–] schwimmender@feddit.org 12 points 1 month ago (1 children)

Unfortunately, no disclosure contacts were publicly available and we had to resort to emailing random people. The Paradox.ai security page just says that we do not have to worry about security!

Lol, reading that as someone who wants to disclose a vulnerability must be frustrating.

[–] Miaou@jlai.lu 1 points 1 month ago* (last edited 1 month ago) (1 children)

The website says "We worry about security, so you don't have to." (aka some corporate speak) and then links to the company's security@whatever email so this comment from the article author is in extremely bad faith.

[–] ulterno@programming.dev 2 points 3 weeks ago* (last edited 3 weeks ago)

then links to the company’s security@whatever email

It didn't on 2nd June so I'd say that's not the case.
Web pages change.

[–] stupidcasey@lemmy.world 9 points 1 month ago (1 children)

Glad there smarter than me, I would have stopped at 12345

[–] pineapplelover@lemmy.dbzer0.com 1 points 1 month ago

I wonder what other logins they tried

[–] pineapplelover@lemmy.dbzer0.com 5 points 1 month ago (1 children)

Lmao they called it the Mchire

[–] jqubed@lemmy.world 3 points 1 month ago

I’ve seen hiring ads referring to them as McJobs

[–] SaltSong@startrek.website 2 points 1 month ago

If anyone wanted this information, they could just post a bogus job, and people will just send them the data.

[–] HugeNerd@lemmy.ca 0 points 1 month ago

Anyone still worried about AI taking over the world and killing all the humans?