Why a McDonald’s Chatbot Used the World’s Weakest Password 🍔

Imagine a company using the password ‘123456’ for one of its internal systems. That’s exactly what happened with a chatbot McDonald’s used to hire staff. The security flaw was discovered by security researchers who were able to sign in with that password in just 30 minutes.

The chatbot, named Olivia, is on the McHire website and is used to screen applicants, ask for their contact information, and direct them to a personality test. The researchers gained “full access to virtually every application that’s ever been made to McDonald’s going back years”. The database contained the names, email addresses, and phone numbers of 64 million applicants.

Why Was This Password a Problem?

The flaw was with a test account last used in 2019. The company behind the chatbot, Paradox.ai, said it had neglected to update the test account’s username and password when it tightened its security standards. McDonald’s was “disappointed by this unacceptable vulnerability” and mandated that Paradox.ai fix it “immediately”.

This shows how a simple oversight can lead to a massive data leak. It’s a clear reminder that you should always use strong, unique passwords for every online account, and never use a weak password like ‘123456’. I recommend using a password manager like Bitwarden to generate and store your passwords.

What Else Should You Look Out For?

The Co-op recently had the biggest data breach in UK retail history, and hackers stole the names, addresses, and contact info of all 6.5 million members. This information is enough for criminals to create convincing scams. If you’ve used your Co-op password on any other sites, you should change it there too. Always be on the lookout for suspicious emails or messages asking for your personal details.

—

Bibliography:

• “McDonald’s chatbot used the password ‘123456’.” Computeractive, Computeractive – Issue 715, 30 July-12 August 2025.
• “Co-op Hackers Steal Your Data.” Computeractive, Computeractive – Issue 715, 30 July-12 August 2025.
• “Stop hackers spying on your security camera.” Computeractive, Computeractive – Issue 715, 30 July-12 August 2025.

• NVIDIA to Invest $5 Billion in Rival Intel in Landmark AI Chip Collaboration
• Spotify Premium Lossless Audio: How to Enable Hi-Fi Streaming
• Apple Event September 2025: Everything Announced – iPhone 17, AirPods Pro 3, Apple Watch & More
• iPhone 17 Series Unveiled at Apple Event: 17, 17 Air, and 17 Pro Redefine Innovation
• A Guide to Factory Reset Google Pixel/Android with Family Link Account | Safely Remove Child’s Account
• How to Recover Permanently Deleted Files on Mac
• How to Remove Microsoft Store Ads Showing Up on Windows