Mickey Mouse Operation Hacked By Former Employee
A disgruntled former Disney worker stands accused of illegally hacking the company’s systems and harassing its workers.
Michael Scheuer, a former system administrator with the iconic children’s entertainment franchise, faces a charge of computer fraud after authorities in Florida found evidence to believe that he was behind a string of attacks targeting restaurant’s at the company’s theme parks.
According to a criminal complaint (first posted by The Register) Scheuer was unceremoniously terminated by Disney in June and, over the course of three months, proceeded to use his old credentials to access the software the companies uses to program the digital signage for its restaurant menus.
The affidavit says that, initially, the intrusion amounted to little more than common revenge pranks. It is said that Scheuer would do things such as modify prices or slip profanity into item descriptions.
Things would take a turn for the worse, however, when Scheuer would begin modifying the allergy notifications for items, in some cases deleting warnings for those with potential nut allergies.
Had the changes not been spotted, they could have resulted in park-goers (many of them children) being unknowingly subjected to potentially fatal allergic reactions from food they had been lead to believe was safe to eat.
Things would eventually escalate to the point where, in late August, the entire menu system was rendered in operable for more than a week, forcing restaurant staff to revert to traditional means of sharing their menus on an antiquated medium known as “paper.”
To make matters worse, after authorities caught wind of the attacks and began to take action to seize his accounts, it is alleged that Scheuer began harassing and visiting the homes of some of those involved in the case.
Disney did not respond to a request for comment on the matter.
According to industry pundit Graham Cluley of BitDefender, the case is a textbook example for why companies should maintain and enforce a strict policy of immediately revoking system access for any employee upon their termination.
“Fortunately all of the tampered menus were intercepted by Disney before they could be physically distributed to restaurant guests,” Cluley wrote.
“Nonetheless, the case raises once again the concern that too many businesses leave themselves open to attack by not changing login credentials when staff leave the company.”
READ MORE HERE