Fired Employee Allegedly Hacked Disney World's Menu System to Alter Peanut Allergy Information (404media.co)
- Reference: 0175360275
- News link: https://it.slashdot.org/story/24/10/30/1434212/fired-employee-allegedly-hacked-disney-worlds-menu-system-to-alter-peanut-allergy-information
- Source link: https://www.404media.co/fired-employee-allegedly-hacked-disney-worlds-menu-system-to-alter-peanut-allergy-information/
> A disgruntled former Disney employee allegedly repeatedly hacked into a third-party menu creation software used by Walt Disney World's restaurants and [1]changed allergy information on menus to say that foods that had peanuts in them were safe for people with allergies, added profanity to menus, and at one point changed all fonts used on menus to Wingdings, according to a federal criminal complaint.
>
> The suspect in the case, Michael Scheuer, broke into a proprietary menu creation and inventory system that was developed by a third-party company exclusively for Disney and is used to print menus for its restaurants, the complaint alleges. The complaint alleges he did this soon after being fired by Disney using passwords that he still had access to on several different systems. Once inside the systems, he allegedly altered menus and, in once case, broke the software for several weeks.
>
> "The threat actor manipulated the allergen information on menus by adding information to some allergen notifications that indicated certain menu items were safe for individuals with peanut allergies, when in fact they could be deadly to those with peanut allergies," the criminal complaint states. According to the complaint, the menus were caught by Disney after they were printed but before they were distributed to Disney restaurants. Disney's menus have extensive "allergy friendly" sections.
[1] https://www.404media.co/fired-employee-allegedly-hacked-disney-worlds-menu-system-to-alter-peanut-allergy-information/
Obvious Question (Score:5, Informative)
Whose job is it to offboard employees such that they aren't just leaving people with access to their systems after firing them? HR? IT? I'm looking at you. I mean... c'mon.
Re: (Score:2)
Whoa! You want someone to take responsibility? And do their job?
This is 2024, pal, not 1954. You're talking about the bad old days.
Stop complaining and be happy.
Re: (Score:3)
> Whose job is it to offboard employees such that they aren't just leaving people with access to their systems after firing them? HR? IT? I'm looking at you. I mean... c'mon.
Still have my accounts (active) after leaving 3 years ago. Its amazing, aint it? They fire the capable, and keep the morons.
Re: (Score:2)
- passwords deactivated
- security keycard deactivated
- The supervisor with at least 2 big burly security guards walks up to the worker
- "You're fired"
- 5 minutes with the big burly security guards flanking the worker as he clears his desk of all personal items
- worker escorted of premisis /\
--- all done in that order
Yes, it's as cold, heartless, and efficient as it sounds, and I'm very surprised Disney does not do this.
Re: (Score:2)
I am guessing this is related to cloud hosted services with shared passwords. Two great gotchas for proper security protocols.
Re: (Score:1)
The perp walk is evil and unnecessary. Revoke permissions and have security trail him at a discrete distance.
Re: (Score:2)
Revoke permissions and have security trail him at a discrete distance.
Because that is so much better. Nothing like walking out of the office and someone trailing you while watching your every move. Sounds like the other side of the Berlin Wall back in the day.
Re: (Score:2)
At Evil, Co., as part of our environmental responsibility initiative, we push terminated employees into the protein recycling vats.
Re: Obvious Question (Score:2)
You're wrong.
It's usually 15 minutes you're allowed before getting manhandled.
Re: (Score:2)
You kind of assume that both the IT department and management are organized well enough to do something in less than a week's time.
Re: (Score:2)
> Whose job is it to offboard employees such that they aren't just leaving people with access to their systems after firing them? HR? IT? I'm looking at you. I mean... c'mon.
As long as Disney can point to one specific culprit, already fired, they'll do so. Never mind shit policy and the entire chain of failure that led to this incident. Corporations are not responsible for anything. Individuals are. Unless its systemic and the only culprits sit on the board. Then nobody's responsible. It's just good business.
Re: (Score:2)
Disney didn't force or even incentivize him to do this. Failing to prevent somebody from willfully committing a crime is not a crime.
Committing a crime is a crime.
Re: (Score:2)
Happens all the time. It is HR's job to offboard people and IT's job to remove their access. In any large organization, the communication between two groups reporting to different people is usually very poor. Even assuming HR remembers to inform IT, there is no reason to believe that there is someone in that organization whose job it is to take care of it.
Re: (Score:2)
Especially when "IT" means a mix of outsourcing companies which handle wildly different credential suites and access solutions.
This happens in pretty much every corporation. Single Sign On is a wet dream.
Re: Obvious Question (Score:2)
I imagine in the future, the bloodsports we'll be fed on TV will be HR-MMA, no holds barred fighting between HR employees, where you're allowed to bite and break the opponents limbs in the ring.
It will be a smash hit, I tell ya.
Re: (Score:2)
Maybe cut people a severance check once in a while. The classic: "No hard feelings. Here's 6 weeks if you promise to GTFO"
Re: (Score:2)
The person that was fired should not criminally use systems after they get fired. Period. That's 'his job'. While it's a good habit to throw out old employee accounts, still having an old password does not make it OK to still use it in a way that harms the company or other people.
Re: (Score:2)
That job was moved overseas. Just like their turd party menu system.
Holy crap what a shitty human being you must be (Score:2)
to put people's lives at risk because you have a beef with your employer.
Re: (Score:2)
The other things could be written off like pranks, but messing with allergy info isn't okay.
Re: (Score:2)
Especially in that manner. If he had changed it so it said something like the Swedish Fish may contain shellfish that would be kind of funny and people with allergies could at least err on the side of caution and not eat anything
Re: (Score:2)
The guy is a real mental case, but people typically don't just become that way for nothing. Something rotten led up to this even before he was terminated.
Re: (Score:1)
Trumpism.
Re: (Score:1)
Trumpism.
Are you sure you don't want to blame sunspots or perhaps Jerry Brown and his Zen Fascists(10 points to whomever gets the reference)?
Re: (Score:2)
> The guy is a real mental case, but people typically don't just become that way for nothing. Something rotten led up to this even before he was terminated.
A mentally healthy person doesn't act like this no matter how badly they get treated at work.
BIG legal trouble (Score:1)
Bit of an armchair lawyer here but comparing this to somewhat similar cases, this guy is going to jail FOREVER. He'll probably lawyer up and waste his life savings on it and get a plea deal or some nonsense if Disney doesn't swing their weight around on this one. But it's basically FDA food manipulation territory and attempted murder but without a specific victim, which they could classify as terrorism if they really wanted to stretch it. Also, use of Wingdings is punishable by death.
Re: (Score:3)
Jigsaw: Let's play a game. Wingdings, Comic Sans, or prison. Which do you choose?
Re: (Score:1)
If Comic Sans is mandatory in any place in civilized society, you're not keeping society safe from me by throwing me into prison, you're keeping me safe from society.
Re: BIG legal trouble (Score:2)
You're locked in here with me....
I have wingdings and comic sans, and I'm not afraid to use them.
FTA (Score:2)
Did you read an article? The guy was a total nut. He had information on coworkers addresses and families. Hacking and FDA violations are the tip of the iceberg.
Disney security protocol is so Mickey Mouse (Score:2)
"The complaint alleges he did this soon after being fired by Disney ***using passwords that he still had access to on several different systems.***" Dumb, dumb, and dumb. I bet they didn't deactivate his key card before telling him he was fired either.
Attempted murder, not "computer fraud" (Score:2)
That's clear attempted murder, should be taken very seriously. Why are they only charging him with "computer fraud" .. he tried to kill people.
Dumb fuck deserves prison (Score:2)
Why do people do post-firing hacking on their former employer?
They fired you. That sucks. You're not getting your job back. Work on your resume and move on. You hate them so much and cared so much about some dumb job and your stupid boss that you'd go to prison and fuck up your whole life to inflict some temporary harm on them? Super fucking crazy. No wonder he got fired. He was a psycho and a bad hire in the first place.
Be it your former job or your ex-spouse or bf/gf or bff or your dog runs away, j
Re: (Score:2)
I mean, I'm not saying you're wrong for 99% of situations. (You knew when you were hired that the employment could be terminated at any time, etc. etc.)
But the fact this guy specifically went after the restaurant menus and the peanut allergies in particular, just after all the news came out about Disney's ridiculous fight not to compensate a family for serving peanuts in food despite being instructed the person had a peanut allergy? That looks more like a type of guerilla corporate warfare move than a perso
Re: (Score:2)
Corporate warfare? Am I reading that right? To me that means he was doing harm as a paid agent of some Disney competitor. Is that what you meant?
Re: (Score:2)
Uh, not necessarily -- though that's an interesting possibility that I'm sure has been the case in some of these other corporate hacks by former employees.
I'm not sure what term you'd prefer... maybe an "activist" sounds better to you?
My general point here is, a LOT of people feel the Disney corporation is a pretty evil one, these days. I don't see how anyone paying attention can mistakenly believe they're the exact same type of company they were back when Walt was in charge of it?
If anything this is managements fault! (Score:2)
You never let someone leave the company with working access credentials if they don't need them. Whoever dropped the ball is just as liable as the guy who changed the menus. This is also why it's absolutely forbidden to use a single admin account for everything, or to share user accounts. Moreover, MFA is also important for this reason, because once a person leaves, they should generally stay out.
Re: (Score:2)
In 99.9% of cases you can make this fuckup and nothing will happen, because the vast majority of people are ethical and won't do anything even if their accounts are still valid. Leaving access open is EXTREMELY common.
As a consultant i often have temporary accounts to my customer's equipment, i've frequently received alerts weeks/months later, or gone back for another contract and found that consultant accounts (either mine or others) are still present for consultants who finished their work months or even
Fridge horror (Score:2)
It just dawned on me that if he didn't do the profanity and wingdings, there is no telling how long the altered peanut allergy information would've gone unnoticed before someone might have gotten sick or died.
Evil vs. Evil (Score:2)
Damn, we thought Disney was the worst but taking peanut allergy info off of menus is a real concentrated bit of evil.
One supposes this is Disney's available tech recruiting pool after what they paid Fritz Hollings to do?
Still, attacking innocents like this is on par with the neverending pedo ring stings at Disney.
Walt must be spinning in his cryogenic chamber.
I'd want a real source for this before buying it. (Score:2)
One, it's sensational. Two, it doesn't make a whole lot of sense. Someone is smart enough to pull that off, but doesn't understand the extreme difference between embarrassing a company and endangering lives? This source offers a lot of sensational content with minimal external overlap. My skepticism of it grows with time.
Ah not to worry. (Score:3, Insightful)
Even if there were allergy problems that arose from this, chances are the victim would be a Disney+ subscriber, so Disney is legally in the clear!
Re: (Score:2)
Would be funny if peanut allergy was not actually lethal.
Re: (Score:1)
Of course! .... but maybe [1]https://www.youtube.com/watch?... [youtube.com]
[1] https://www.youtube.com/watch?v=wEb5a-I0kyg
Re: (Score:1)
> Would be funny if peanut allergy was not actually lethal.
Has anyone figured out where this relatively NEW phenomena of peanut allergies has come from?
There was NO such thing when I grew up as a kid....peanuts were at schools...hell on any given day, I'd say half the kids lunches in elementary school were PB&J's.....
No scares...no mass dying of peanuts.
So, what the hell caused this in the past couple decades?
Re: (Score:2)
> Has anyone figured out where this relatively NEW phenomena of peanut allergies has come from?
Agent Orange, perhaps?
Re: (Score:2)
We know that lack of exposure to peanuts as a baby can cause it (or exposure can prevent it, whichever way you want to see it). Studies with ethnic groups in the US and abroad where the US population didn't have peanuts in their babies' diets basically ruled out strong genetic factors.
Now, I doubt the US baby peanut intake used to be high, so there's probably another thing causing the allergy to manifest after they're not pre-emptively exposed.
Re: (Score:2)
He should have went for the lactose intolerance angle and gave most people diarrhea instead of trying to commit murder.
I wish more people would ask me about alternatives to murder. I'm REALLY good at not running around like a lunatic and murdering people.
Hell, he could have taken up basket weaving. Maybe make designs showing the Steamboat Willie version of Mickey Mouse having steamy romance with Peg-Leg Pete.
Re: (Score:2)
Oh, Disney is definitely in the clear. The guy who did the hacking? He's gonna do prison time. For sure.
Re: (Score:2)
I do hope the charge is attempted murder, since that's what it is. And he should face one count (with consecutive sentences) for each Disney customer with a peanut allergy. Should be good for a few hundred thousand years behind bars.
Re: (Score:2)
"By any of your bodily senses ever picking up on anything Disney, you automatically agree to never sue us."