Skip to main content
All

McDonald’s AI leak puts 64 million job seekers at risk

The breach no one saw coming

AI hiring data leak headlines exploded after researchers Ian Carroll and Sam Curry entered the McHire platform with the comically simple password 123456. Within minutes they could view names, emails, phone numbers, and full chat logs from years of conversations with the Olivia recruitment bot. McDonalds relied on vendor Paradox ai, which patched the flaw the same day, yet the ease of access shows how careless design puts ordinary applicants at risk(Cyber Security News).

Although the researchers viewed only a handful of records, the underlying flaw allowed attackers to enumerate every applicant ID and walk through the entire database. Consequently any criminal with modest skills could launch convincing payroll phishing campaigns at global scale. Paradox.ai, the vendor behind Olivia, fixed the issue the same day and opened a bug bounty. Yet the problem highlights how AI tools often ship without the most basic safeguards such as multi factor authentication.

Why job seekers paid the price

For many applicants, McHire felt like modern efficiency. However the bot also harvested sensitive data and parked it on a vulnerable server for six years. Therefore the incident shows that convenience without security creates fertile ground for identity fraud. In addition recruiters rarely tell candidates how long data remains on file or who else receives copies. As a result victims learn about a leak only after their inbox fills with fake HR emails.

The bigger pattern in automated hiring

Moreover the breach is part of a wider trend in which AI driven platforms collect rich behavioral signals yet rely on legacy test accounts and sloppy passwords. In addition default settings often disable audit logs to save compute costs. Consequently regulators struggle to map accountability when something breaks. McDonalds may not have written a single line of code, yet millions still blame the brand.

Take control before the next bot fails

VALT puts your privacy back in your hands. VALT’s dashboard shows which companies store your data and lets you send removal requests in a few taps. Its decentralized VPN blocks trackers from linking fresh activity to your profile. And when you choose to share anonymized insights, you control exactly what leaves your device. Download VALT here and secure your future before the next breach strikes.

Privacy done your way

  • Full visibility into every data relationship

  • Removal requests that actually reach the right inbox

  • A DVPN that blocks trackers instead of trusting a central log server

  • An upcoming marketplace where you profit when you choose to share

 

You May Also Like

Big Tech & PrivacyData BrokersIndustry News Part 1: GDPR, CCPA, and Beyond — What Privacy Laws Really Mean for You

Part 1: GDPR, CCPA, and Beyond — What Privacy Laws Really Mean for You

MrBreadcrumbs101
MrBreadcrumbs101October 11, 2025
All Trump’s U-Turn on Data Privacy Harms You

Trump’s U-Turn on Data Privacy Harms You

MrBreadcrumbs101
MrBreadcrumbs101August 18, 2025
A secure digital tunnel branching across a global network, symbolizing the decentralized nature of VALT’s dVPN technology. All Why a dVPN Is the Future of Online Privacy

Why a dVPN Is the Future of Online Privacy

James Goodnight
James GoodnightJune 16, 2025

FAQ

How does VALT work?

VALT offers the world’s most secure dVPN service (more on that below) ensuring your data isn’t captured by organizations and bad actors without your knowing.

VALT also allows you to keep track of your personal data. For example, if you want to capture your location data, you can add your GPS data as a source in the app, and/or you can log in with Facebook to capture your Facebook data. We are continuously adding as many data sources as possible.

VALT allows you to interact with your data for the first time ever. For example, you can ask your AI assistant to analyze your spending patterns, or even look up what your heart rate was on New Years’ Eve the moment the ball dropped in New York.

As a premium feature, VALT will also reach out to data brokers who are currently selling information about you and force them to delete all of the data they know about you. We’ll also do this regularly to ensure your data stays out of the hands of brokers.

Can VALT access my personal data?

Absolutely not. Only your devices are able to retrieve the data you store with VALT.

In fact, if a hacker were able to access our database, they would still be unable to access your personal information. Your VALT key alone can unlock your data.

What is a decentralized VPN (dVPN), and how does it work with VALT?

A decentralized VPN (dVPN) is a type of VPN that operates on a blockchain network, providing enhanced security and privacy. VALT provides the world’s most robust dVPN service, ensuring the highest level of security and privacy for our users. Unlike traditional VPNs, our dVPN does not store or collect user data, offering complete transparency and trust.

How much does VALT+ cost?

Our dVPN is free for one device. For multiple devices, data removal services, and other features, our premium subscription is $9.99/mo when you sign up for the annual plan.

Can I sell my own data with VALT?

Yes – eventually.

Our Personal Data Marketplace is currently in closed beta.

Once it’s ready for a wide release, you will be able to sell your own personal data at your discretion.

Own Your Data.

TAC Security logo featuring a blue geometric icon and stylized text representing cybersecurity certification.
DigiCert Basic Site Seal indicating SSL encryption and site security certification.
Contact Us

support@valtdata.com

Download VALT App

© HashCash, Inc. Website built by Mediamonkey

Privacy Policy | Terms of Service | EULA