<?xml version="1.0" encoding="utf-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
    <channel>
        <title>How Hackers Broke McHire with ‘123456’… 64M Records Exposed</title>
        <link>https://stream.echo6.co/videos/watch/e1a507a3-5942-4a28-a336-66df952f3d26</link>
        <description>McHire hack 2025: McDonald’s data breach, default password 123456, IDOR vulnerability. In this step-by-step demo, David Bombal shows how security researchers ripped open McHire, the Paradox.ai chatbot that 90% of U.S. McDonald’s franchises use to hire staff. You’ll see: • How a forgotten test admin panel still accepted username 123456 / password 123456. • How a single parameter-tampering attack (IDOR) exposed 64 million+ applicant chat logs: names, emails, addresses, even session tokens. • Rapid response timeline (report 30 June 2025, patch the same day). • Practical mitigation tips: kill default creds, add auth checks, run continuous bug-bounty tests. Plus, David jumps into a PortSwigger Academy IDOR lab so you can practice the exact exploit techniques, safely. Whether you’re a developer or a red-teamer, hit play and level up your web-app defense skills. // PortSwigger Lab REFERENCE // https://portswigger.net/web-security/access-control/lab-user-id-controlled-by-request-parameter // PortSwigger Burp Suite REFERENCE // https://portswigger.net/burp/communitydownload // YouTube Video REFERENCE // Burp Suite Proxy Browser and App Interception: https://youtu.be/0CIpMDJmPpc Hackers remotely hack millions of cars: https://youtu.be/MBj546UptEA Your Privacy and security nightmare: https://youtu.be/lDdJLrxQg24 // MENU // 0:00 - McDonald's gets hacked! // Weak passwords and IDOR 01:17 - How McDonald's was hacked 03:20 - IDOR demo on PortSwigger 06:20 - IDOR explained 07:01 - Resources on PortSwigger // Download Burp Suite 07:28 - Conclusion Disclaimer: This video is for educational purposes only.</description>
        <lastBuildDate>Wed, 15 Apr 2026 11:36:24 GMT</lastBuildDate>
        <docs>https://validator.w3.org/feed/docs/rss2.html</docs>
        <generator>PeerTube - https://stream.echo6.co</generator>
        <image>
            <title>How Hackers Broke McHire with ‘123456’… 64M Records Exposed</title>
            <url>https://stream.echo6.co/client/assets/images/icons/icon-512x512.png</url>
            <link>https://stream.echo6.co/videos/watch/e1a507a3-5942-4a28-a336-66df952f3d26</link>
        </image>
        <copyright>All rights reserved, unless otherwise specified in the terms specified at https://stream.echo6.co/about and potential licenses granted by each content's rightholder.</copyright>
        <atom:link href="https://stream.echo6.co/feeds/video-comments.xml?videoId=e1a507a3-5942-4a28-a336-66df952f3d26" rel="self" type="application/rss+xml"/>
    </channel>
</rss>