The Mouse House has been breached.
On Thursday morning, the Disneyland Instagram and Facebook accounts were taken over by a self-proclaimed “super hacker,” identified as “David Do” who proceeded to leave an odd string of posts that contained foul and racist language. The first post reportedly appeared on Instagram at 3:50am PT, with the caption “super hacker that is here to bring revenge upon Disneyland.”
The official Instagram account for the Anaheim, California-based theme park has some 8.4 million followers, while its Facebook account has more than 17.2 million followers. Instead of racist rants, those pages are typically filled with photos of families, children, and activities at the resort.
“Disneyland Resort’s Facebook and Instagram accounts were compromised early this morning,” a Disney spokesperson told reporters. “We worked quickly to remove the reprehensible content, secure our accounts, and our security teams are conducting an investigation.”
Disney’s other social media accounts were unaffected.
However, this is not the first time a Disney brand has been targeted by hackers. In November 2019, shortly after its launch, some subscribers to the Disney+ streaming service complained their accounts had been compromised, while the Disney film release Pirates of the Caribbean: Dead Men Tell No Tales was part of a ransomware plot in 2017 after hackers stole a copy of the film just weeks before its worldwide release.
Breaching The Mouse House
It remains unclear how the “super hacker” actually gained access to the social media accounts this week. Yet, this sheds the light on how easily a corporate brand can be impacted by a hacker out to cause chaos or mayhem.
“A username and password aren’t enough to protect social media accounts, and implementing Multi-factor Authentication (MFA) is one effective tool to reduce the risk of a compromised account. However, like many security features, it’s never 100%; there is always some risk,” suggested James McQuiggan, security awareness advocate at KnowBe4.
“Cybercriminals continue to attempt to access accounts and bypass MFA,” added McQuiggan. “One common tactic used is cybercriminals will socially engineer a victim to access a doppelganger website to make it appear they’re accessing a login page. Actually, it’s the cybercriminal stealing the credentials and a session token or other access key to gain access and bypass the authorization.”
Disney was able to regain control of its accounts fairly quickly, but organizations should have a plan in place on how to recover from such an attack.
“If an account is compromised, especially for an enterprise organization, there should be an entry in their Incident Response Playbook to address the attack and communications to resolve it,” suggested McQuiggan. “Organizations can benefit from having procedures, communication plans to discuss with third-party vendors, and internal leadership to reclaim the account and clean up the compromise.”