A security flaw in an AI-powered hiring chatbot used by McDonald's exposed the personal information of more than 64 million job applicants, according to reports on the incident. Two security researchers identified the problem and were able to access the system after cracking an administrator account that used the password "123456."

The chatbot, which screened applicants during the hiring process, held records that became accessible through the weak credential. The researchers reported the flaw rather than exploiting it, and the exposure was subsequently made public as an example of basic security failures in AI-driven tools deployed at scale.

The case drew attention because of the volume of affected applicants and the simplicity of the underlying weakness. The exposed system had been adopted to automate a routine, high-volume business function, screening job seekers, but the account protecting it relied on one of the most common and easily guessed passwords in use.

Security specialists cited the incident as a reminder that AI systems handling personal data require the same access controls, credential standards, and oversight as any other enterprise application. The exposure added to a broader run of 2026 data incidents in which AI tools, third-party integrations, and weak governance contributed to large-scale access to sensitive records across multiple organizations.

Source: Tech.co -- https://tech.co/news/data-breaches-updated-list