Even the Magic Kingdom isn't immune from hackers.
Late last week, millions of followers of Disneyland's Facebook and Instagram accounts were greeted by a series of offensive messages posted by a hacker.
The hacker, who identified themselves as a "super hacker" called "David Do", used racist and other offensive language in a series of unauthorised posts, claiming that he was seeking revenge on the Disneyland resort after being allegedly insulted by staff.
In other posts, "David Do" claimed that he was "working on Covid20", referenced the Chinese city of Wuhan, and - using racist language - told people that they had better hide before he released his "new deadly virus."
Of course, it's impossible to know if the name and photograph shared by the hacker on the Disneyland accounts identify the person responsible for the defacement, or whether they are attempting to point the finger of suspicion towards an innocent party. Nonetheless, it does at least provide a potential clue worthy of investigation - should law enforcement agencies be so inclined.
Certainly the attacker's claim to be a "super hacker" are probably just as likely to be accurate as their claim that they created Covid19, and are working on a follow-up virus. It's much more likely that someone at Disneyland was sloppy with their password security (perhaps they were phished, or made the mistake of using the same password in multiple places, or had not enabled two-factor authentication on their social media accounts.)
Whatever the explanation for the hack, damage had been done to the company's online image.
A Disney fan on Twitter said that they found it "completely unacceptable" that "grossly racist and homophobic content" was left on Disneyland's Instagram page for "nearly an hour."
The good news is that it appears the hack was more mischievous and offensive rather than undertaken with the intent to scam Disney fans or direct them to a dangerous webpage.
Fortunately, the family-unfriendly posts were removed eventually from the resort's Instagram and Facebook accounts, and Disney released the following statement to the press on Thursday:
"Disneyland Resort’s Facebook and Instagram accounts were compromised early this morning. We worked quickly to remove the reprehensible content, secure our accounts, and our security teams are conducting an investigation."
tags
Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s.
View all postsSeptember 06, 2024
September 02, 2024
August 13, 2024
July 25, 2024