Would You Like a Name, Address and SSN with Your Burger? McDonald's AI Fiasco
- Frederick L Shelton
- Jul 13

You can’t make this up.
A 44,000-store global empire, with marketing campaigns crafted by top agencies and supply chains optimized by MBAs… is using the password “McD@t$123” to protect a chatbot that screens job applicants.
Yes. That’s the actual password.
For a system handling private employment data. For the world’s largest fast-food chain.
You know, the one where everyone, teenagers and adults alike, applies to become fry techs and drive-thru diplomats? That’s the data McDonald’s decided to guard with a password that sounds like it was created by a Boomer trying to impress his nephew who “does computers.”
And what's on a resume? Not just name, address, phone and email. Job history and "Interests" too, often including old school mascots, favorite sports, teams, pets and other items people often use to create their own passwords. (Everyone using "L@kers3pe@t" had best change their password now!)
Look, we’re not talking about some mom-and-pop diner on Route 66. We’re talking McDonald’s. A multi-billion-dollar beast with the budget to launch AI bots to the moon, but apparently not enough to upgrade from “123” to, I don’t know, two-factor authentication?
And it gets better. The system wasn’t built in-house. It was powered by Paradox AI, a company whose name now feels a little too on-the-nose. Their AI chatbot, “Olivia,” was left exposed. We're talking no MFA, no encryption, just good ol’ fashioned negligence dressed up in a tech trench coat. If this is how we’re ushering in the AI revolution, someone hand me a floppy disk and a prayer.
This wasn’t a breach caused by some ultra-sophisticated, North Korean hacker with a quantum computer. This was human laziness. Corporate slop. The same mindset that gave us the McRib probably gave us McD@t$123.
So if this is how Fortune 100 companies handle AI and sensitive data, what do you think your law firm is doing?
Wake. Up.
Check your vendors. Audit your systems. Stop outsourcing your digital future to third-party “solutions” that can't even offer a text as an extra step of security.
Because if your security plan includes “McD@t$123,” your next happy meal might come with a subpoena.
Get a real audit. Ask the dumb questions before the hackers do. And for the love of God, stop letting the guy who still prints emails pick your passwords!
Frederick Shelton is a Market Advisor and Consultant to law firms, legal MSOs and funds on subjects which include legal AI, ABS models, MSOs and M&A. He can be reached at fs@sheltonsteele.com