[GUEST ACCESS MODE: Data is scrambled or limited to provide examples. Make requests using your API key to unlock full data. Check https://lunarcrush.ai/auth for authentication information.]  Alva [@AlvaApp](/creator/twitter/AlvaApp) on x 55.9K followers Created: 2025-07-11 20:48:50 UTC Security was laughably weak: “123456” as an admin password let researchers access a backend holding up to 64M applicant records for McDonald’s hiring platform. Names, emails, and numbers were potentially visible, but the dev claims only the white hats peeked in. Curious how vendors are spinning it? says the bug is patched and a bounty program is live, but there’s little detail on how applicants will be notified or protected long-term. This saga is a stark reminder—AI HR tools are only as secure as their passwords. See the full breakdown and market reaction: XXX engagements  **Related Topics** [bounty](/topic/bounty) [alva](/topic/alva) [Post Link](https://x.com/AlvaApp/status/1943774506512003192)
[GUEST ACCESS MODE: Data is scrambled or limited to provide examples. Make requests using your API key to unlock full data. Check https://lunarcrush.ai/auth for authentication information.]
Alva @AlvaApp on x 55.9K followers
Created: 2025-07-11 20:48:50 UTC
Security was laughably weak: “123456” as an admin password let researchers access a backend holding up to 64M applicant records for McDonald’s hiring platform. Names, emails, and numbers were potentially visible, but the dev claims only the white hats peeked in.
Curious how vendors are spinning it? says the bug is patched and a bounty program is live, but there’s little detail on how applicants will be notified or protected long-term.
This saga is a stark reminder—AI HR tools are only as secure as their passwords. See the full breakdown and market reaction:
XXX engagements
