
Disneyland Accounts Post Racist and Offensive Content Following Hack

Social media accounts belonging to Disneyland were hacked this morning, with the hacker posting racist and offensive content.

A self-proclaimed “super hacker” named David Do has claimed responsibility for the hack, saying he hacked Disneyland’s Instagram and Facebook accounts to “get revenge” on the company’s Anaheim theme park.

In an Instagram post, the hacker claimed his motivation for the attack was “Disney employees laughing at me for having a small penis.” In another post, the hacker also claimed to have invented COVID-19 and warned that he was releasing a deadly new strain of the virus.

According to the Disney Blog, the hack took place around 6 a.m. EDT. The hacker posted four separate photos to Disneyland’s Instagram account, along with “profanity and racist/homophobic slurs” as well as references to someone called “Jermone” and various “Disney employees”. The hacker also allegedly tagged several other Instagram accounts, including DramaAlert, a YouTube channel that reports on internet dramas, and media personality DJ Akademiks.

Disneyland confirmed the hacks, saying in a statement that their accounts were compromised early this morning. “We worked quickly to remove objectionable content, secure our accounts, and our security teams are investigating,” the spokesperson added.

This isn’t the first time Disney has been hacked. Thousands of Disney+ accounts were compromised in November 2019.

It’s unclear how the hacker gained access to the Disneyland accounts, but the obvious candidate is weak or reused passwords.

“This breach demonstrates the common attack vector of account takeover from a weak or reused password,” Craig Lurey, CTO and co-founder of the cybersecurity software company Keeper Security Inc., told SiliconANGLE. “Password managers can easily protect social media accounts with strong, unique passwords and can also protect the second factor, a time-based one-time password. Social media accounts can also be securely shared across vaults within a marketing or social media team with role-based access controls and audit trails.”

The fact that the hacker was able to gain access to Disneyland accounts may also indicate broader security issues. Aaron Turner, CTO, SaaS Protect at cybersecurity firm Vectra AI Inc., noted that major social media and internet publishing companies will not allow their largest sponsors to use strong authentication and federated identities to protect their brands.

“Because Instagram forced Disney to use a low-security authentication mechanism, essentially something that wouldn’t be considered enterprise-grade authentication with proper logging, monitoring, and anomaly detection, it created an opportunity for this online vandalism to take place,” Turner explained. “As we have seen with Twitter account takeovers in the past, such as the extremely damaging vandalism of US Airways prior to the American Airlines merger, the relative simplicity of waging a Twitter account takeover campaign on social media translates into an attractive way for an attacker to cause significant brand damage.”

Photo: Pxhere
