“We are confident, based on our records, this test account was not accessed by any third party other than the security researchers.”
Paradox.ai runs AI hiring chatbots for McDonald’s, Lockheed Martin, and other Fortune 500 companies. Researchers found the McDonald’s account was protected by the password “123456,” exposing 64 million job applicant records. A Paradox developer in Vietnam got hit with malware that compromised credentials for multiple client accounts, and those passwords were only seven digits long. The company holds ISO 27001 and SOC 2 Type II certifications, which apparently means nothing when your actual security hygiene is worse than your grandma’s Facebook password.