Paradox.ai

Security researchers revealed that the personal information of millions of job applicants at McDonald’s was exposed due to a weak password for Paradox.ai's account. The breach exposed 64 million records, including names, email addresses, and phone numbers. Additionally, a Paradox.ai administrator in Vietnam suffered a malware compromise that stole usernames and passwords for various internal and third-party services. The company acknowledged the breach but claimed no sensitive information was exposed and that the issue did not affect other clients.

Source: https://krebsonsecurity.com/2025/07/poor-passwords-tattle-on-ai-hiring-bot-maker-paradox-ai/

TPRM report: https://scoringcyber.rankiteo.com/company/paradoxolivia

"id": "par555071825",
"linkid": "paradoxolivia",
"type": "Breach",
"date": "7/2025",
"severity": "85",
"impact": "",
"explanation": "Attack with significant impact with customers data leaks: Attack which causes leak of personal information of customers ( only if no ransomware )"
{'affected_entities': [{'industry': 'Food and Beverage',
                        'location': 'Global',
                        'name': "McDonald's",
                        'size': 'Large',
                        'type': 'Fast Food Chain'},
                       {'customers_affected': ["McDonald's",
                                               'Aramark',
                                               'Lockheed Martin',
                                               'Lowes',
                                               'Pepsi'],
                        'industry': 'Technology',
                        'location': 'Global',
                        'name': 'Paradox.ai',
                        'size': 'Medium',
                        'type': 'AI-based Hiring Chatbot Provider'}],
 'attack_vector': 'Weak Password',
 'data_breach': {'number_of_records_exposed': 64000000,
                 'personally_identifiable_information': ['Names',
                                                         'Email Addresses',
                                                         'Phone Numbers'],
                 'sensitivity_of_data': 'Low to Medium',
                 'type_of_data_compromised': ['Names',
                                              'Email Addresses',
                                              'Phone Numbers']},
 'date_detected': 'July 2025',
 'date_publicly_disclosed': 'July 2025',
 'description': 'Personal information of millions of job applicants at '
                "McDonald's was exposed due to a weak password ('123456') for "
                "the fast food chain's account at Paradox.ai, a company that "
                'makes AI-based hiring chatbots. The incident was discovered '
                'by security researchers Ian Carroll and Sam Curry.',
 'impact': {'data_compromised': ['Names', 'Email Addresses', 'Phone Numbers'],
            'systems_affected': ['Paradox.ai AI chatbot platform on '
                                 'McHire.com']},
 'initial_access_broker': {'entry_point': "Weak Password ('123456')"},
 'motivation': 'Unknown',
 'post_incident_analysis': {'root_causes': ['Weak Password',
                                            'Malware Infection']},
 'references': [{'source': 'Wired'},
                {'source': 'KrebsOnSecurity'},
                {'source': 'Hive Systems'}],
 'threat_actor': 'Unknown',
 'title': "McDonald's Job Applicant Data Exposure",
 'type': 'Data Breach',
 'vulnerability_exploited': "Weak Password ('123456')"}