Heimdal

Hey there, it’s time for your Weekly Cyber Snapshot with former Cyber Detective Sergeant Adam Pilton.

In less than 5 minutes you’ll be up to speed on the five biggest cyber headlines of the week. From a hacked Muppet to ransomware takedowns, leaky AI at the Golden Arches, a betting breach, and SMBs sleepwalking into threats – let’s break it all down. You’ll see what and why it happened and learn from Adam how to stay safe from similar threats.

Elmo gets hacked: Never ignore MFA

Over the weekend, the official X account of Elmo – yes, the beloved red Muppet – was hijacked and used to post a series of vile, racist, and anti-Semitic rants. With over 650,000 followers, the damage was viral and immediate.

Turns out, this wasn’t some advanced nation-state actor. It was just a simple social login breach with no multi-factor authentication (MFA) standing guard. Screenshots spread like wildfire before Sesame Workshop managed to wrest control back.

Safety advice

  • Lock down social accounts with MFA
  • Rotate credentials when staff leave — no exceptions.
  • Register typo-squatted handles before someone else does

Ransomware retail spree: Four teens arrested in UK

The UK’s National Crime Agency arrested four individuals aged 17 to 20 last week, believed to be behind ransomware attacks that slammed Marks & Spencer, Harrods, and the Co-op earlier this year.

The attack on M&S alone halted online clothing sales for nearly seven weeks and racked up a £300 million bill. The crew used classic double extortion: encrypt files, leak the data, demand cash.

What helped crack the case? Good old-fashioned logging. The retailers had kept detailed records that traced the hacks back to residential IPs and Discord handles.

Safety advice

Keep at least 12 months of immutable logs – endpoint, firewall, SaaS. Don’t skimp.

These logs are pure gold for attribution, insurance claims, and putting cuffs on cyber crooks.

McDonald’s hiring assistant breach puts 64 million applicants at risk

Researchers stumbled upon McDonald’s AI hiring assistant, “Olivia,” on Reddit. One curiosity click led to the McHire platform and a login portal for Paradox AI – the provider behind Olivia.

The researchers guessed the admin password – literally just “123456” – and got full access. That unlocked years of chat logs, emails, phone numbers, and job application data – potentially impacting 64 million people.

To their credit, Paradox AI moved fast. They changed the password, apologized publicly, and launched a bug bounty program. But this was a major wake-up call about supply chain risk.

Safety advice

  • Demand security clauses in all third-party contracts – especially for HR, marketing, or data-rich SaaS tools.
  • Include MFA usage and pen testing requirements in the contract
  • Run annual reviews, and require clear audit reports in plain language

Flutter breach exposes 800,000 betting accounts

Flutter Entertainment disclosed a breach affecting customers of its betting brands, Paddy Power and Betfair. Up to 800,000 users had their email addresses, IPs, and activity logs exposed. Thankfully, no financial data was compromised.

Still, the real threat now is phishing, smishing, and vishing campaigns, armed with stolen details and disguised as tempting betting promos.

Safety advice

Alert your clients: scam offers are coming. Teach them to watch for messages offering free bets, jackpot wins, or exclusive bonuses – they’re bait.

SMBs see the danger, but still don’t invest

A new Coalition survey of 1,000 small business leaders revealed a troubling paradox: 86% believe cyberattacks will rise this year, but 61% still think they’re too small to be targets.

Worse, most spend less than 10 hours per week on security and dedicate no more than 10% of their budget – even though 77% have already been hit in the past five years.

Safety advice

As an MSP, use these stats to unlock budget. Show leadership that small ≠ invisible.

Benchmark against your sector and focus on controls that reduce both incidents and insurance premiums:

  • Endpoint Detection & Response (EDR)
  • MFA
  • Tested, restorable backups

That’s it for this week. If this roundup saved you scrolling through 20 different headlines, hit that like, drop a comment with your top concern of the week, and share it around. Let’s keep each other sharp.

Stay sharp, stay secure. See you next week.

Author Profile

Livia Gyongyoși

Communications and PR Officer

Livia Gyongyoși is a Communications and PR Officer within Heimdal®, passionate about cybersecurity. Always interested in being up to date with the latest news regarding this domain, Livia's goal is to keep others informed about best practices and solutions that help avoid cyberattacks.