Ethical hackers infiltrated recruitment software for fast food restaurants. This automated program, which uses AI, can “review applications, schedule interviews and perform background checks”.
Delegating all tasks to technology may not be a good idea. Ethical hackers (legally authorized to hack) took control of a chatbot used for recruitment sessions by several fast-food chains in the United States, including KFC, Subway, Taco Bell and Wendy's. They published an extract of their operating procedure on a blog on January 10.
Cyber experts were able to accept or reject candidates and could exfiltrate a lot of data on the people they were chatting with.
The program in question, Chattr, presents itself as “the first-ever end-to-end automated recruiting software for the hourly workforce, powered by an AI digital assistant.” In a promotional video, the company boasts of “reinventing workforce hiring with an AI assistant (…) Review applications, schedule interviews, background checks, it's all done automatically.”
A dashboard with candidate reports
Hackers commissioned by companies began searching the Internet until they came across an administrator dashboard revealing a list of organizations using Chattr. The researchers shared with journalists from 404 Media a 30-minute video in which they navigate between Chattr accounts. One of the hackers, MrBruh, posted several screenshots that appear to show conversations between candidates and the Chattr bot, upcoming interview dates, and a column titled “make a decision” with thumbs up to accept or reject the application.

MrBruh says he disclosed the vulnerability on January 9. Chattr reportedly fixed the problem the next day, “without thanks or contact”. The company did not respond to a request for comment from 404 Media.