Once inside, researchers additionally discovered an internal API endpoint using a predictable parameter to fetch applicant data. By simply decrementing the ID value, Carroll and Curry retrieved full applicant PII, including chat transcripts, contact info, and job-form data. This IDOR exploit exposed not just contact details but also timestamps, shift preferences, personality test outcomes, and even tokens that could impersonate candidates on McHire.
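The sequential-ID access pattern described above is something a defender can spot in endpoint logs. The following is an added example, not code from the article or from Paradox.ai: it parses constructed access-log lines in a hypothetical format and flags sessions whose successful requests walk a run of adjacent applicant IDs, which is what decrementing (or incrementing) an ID parameter looks like from the server side.

```python
# Added example (not from the article or from Paradox.ai): detecting
# sequential-ID enumeration of an applicant-data endpoint in access logs.
import re
from collections import defaultdict

# Constructed sample log lines in a hypothetical format:
# <session_id> <method> <path> <status>
SAMPLE_LOG = """\
sess-a GET /api/applicants/64185742 200
sess-a GET /api/applicants/64185742/chat 200
sess-b GET /api/applicants/64185742 200
sess-b GET /api/applicants/64185741 200
sess-b GET /api/applicants/64185740 200
sess-b GET /api/applicants/64185739 200
sess-b GET /api/applicants/64185738 200
sess-c GET /api/applicants/64185700 200
sess-c GET /api/applicants/64185500 403
"""

# Matches the hypothetical endpoint path and any sub-resource (e.g. /chat).
LINE_RE = re.compile(r"^(\S+) (\S+) /api/applicants/(\d+)(?:/\S*)? (\d{3})$")


def parse_log(text):
    """Return (session, applicant_id, status) tuples for lines that hit the endpoint."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            records.append((m.group(1), int(m.group(3)), int(m.group(4))))
    return records


def find_enumerating_sessions(records, min_run=3):
    """Map session -> longest run of adjacent applicant IDs it fetched successfully.

    A legitimate applicant touches one ID; an enumerator touches many
    consecutive IDs. Sorting distinct IDs catches both decrementing and
    incrementing walks; only 200 responses count, since 403s mean the
    authorization check held."""
    per_session = defaultdict(set)
    for session, applicant_id, status in records:
        if status == 200:
            per_session[session].add(applicant_id)
    flagged = {}
    for session, ids in per_session.items():
        distinct = sorted(ids)
        longest = run = 1
        for prev, cur in zip(distinct, distinct[1:]):
            run = run + 1 if cur == prev + 1 else 1
            longest = max(longest, run)
        if longest >= min_run:
            flagged[session] = longest
    return flagged
```

Pair this with an object-level authorization check on the endpoint itself; the log rule only tells you enumeration happened, the check is what prevents it.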
“This incident is a prime example of what happens when organizations deploy technology without an understanding of how it works or how it can be operated by untrusted users,” Desired Effect CEO Evan Dornbush said. “With AI systems handling millions of sensitive data points, organizations must invest in understanding and mitigating pre-emergent threats, or they’ll find themselves playing catch-up, with their customers’ trust on the line.”
Rapid patching saved the day
Following disclosure on June 30, 2025, Paradox.ai and McDonald’s acknowledged the vulnerability within the hour. By July 1, default credentials were disabled and the endpoint was secured. Paradox.ai also pledged to conduct further security audits, Carroll noted in the blog.
