Social media accounts belonging to Disneyland were hacked this morning, with the hacker posting racist and offensive content.

A self-described “super hacker” going by the name of David Do claimed responsibility for the hack, saying that he had hacked Disneyland’s Instagram and Facebook accounts to “bring revenge” on the company’s Anaheim theme park.

In one Instagram post, the hacker claimed his motivation for the attack was “Disney employees mocking me for having a small penis.” In another post, the hacker also claimed to have invented COVID-19 and warned that he was releasing a new deadly strain of the virus.

According to The Disney Blog, the hack took place at around 6 a.m. EDT, with the hacker posting four separate photos to Disneyland’s Instagram account. The posts were accompanied by “profanity and racist/homophobic slurs” and included references to someone called “Jermone” and to “Disney employees.” The hacker is also said to have tagged several other Instagram accounts, including DramaAlert – a YouTube channel that reports on internet drama – and media personality DJ Akademiks.

Disneyland confirmed the hacks, saying in a statement that their accounts were compromised early this morning. “We worked quickly to remove the reprehensible content, secure our accounts and our security teams are conducting an investigation,” the spokesperson added.

This is not the first time Disney has been hacked, with thousands of Disney+ accounts being compromised in November 2019.

How the hacker gained access to the Disneyland accounts is not known, but the obvious candidate is weak or reused passwords.

“This breach demonstrates the common attack vector of account takeover from a weak or reused password,” Craig Lurey, chief technology officer and co-founder of zero trust and zero-knowledge cybersecurity software company Keeper Security Inc., told SiliconANGLE. “Password managers can easily protect social media accounts with strong, unique passwords and can also protect the second factor (TOTP code). Social media accounts can also be shared from vault-to-vault securely among a marketing or social media team with role-based access controls and audit trails.”

That the hacker was able to gain access to Disneyland’s accounts may also be indicative of broader security issues. Aaron Turner, chief technology officer, SaaS Protect at AI cybersecurity firm Vectra AI Inc., noted that “from an Identity and Access perspective, it has always disappointed me that the major social media and internet publishing companies will not allow for their biggest sponsors to utilize strong authentication and federated identities to protect their brands.”

“Because Instagram forced Disney to use a low-security authentication mechanism, essentially something that would not qualify as enterprise-grade authentication with appropriate logging, monitoring and anomaly detection, it created an opportunity for this online vandalism to take place,” Turner explained. “As we saw with Twitter account takeovers in the past, such as the extremely damaging US Air vandalism prior to the American Airlines merger, the relative simplicity to run a social media account takeover campaign results in an attractive way for an attacker to cause significant brand damage.”

Photo: Pxhere
