Thursday morning saw the Disneyland Instagram account and Facebook accounts taken over by a … [+]
The Mouse House was breached.
The Disneyland Facebook and Instagram accounts were taken by “super hacker,” known as David Do. Do then posted a series of disturbing posts that included racist and foul language. At 3:50 AM PT, the first Instagram posting was reportedly posted with the caption “super hacker here to take revenge on Disneyland.”
Anaheim-based park’s official Instagram account has around 8.4million followers. The account on Facebook has over 17.2,000,000 followers. These pages don’t contain racist remarks, but instead of photos of children and families at the resort, they are filled with photographs.
According to a Disney spokesperson, “Disneyland Resort’s Instagram and Facebook accounts were stolen early in the morning.” We worked fast to delete the offensive content and secure our accounts. Our security team is conducting an investigation.
Disney’s social media accounts remained unaffected.
This isn’t the first time hackers have attacked a Disney brand. A few months after the launch of Disney+, subscribers complained that their accounts were compromised. Meanwhile, the Disney movie release was being released. Pirates of the Caribbean Tell No TalesIt was part of ransomware plot after hackers stole the movie copy just weeks prior to its global release.
You are a Mouse House
The “super hacker”, as he is called, was unable to gain access to these social media accounts. However, it sheds light on the ease with which hackers can impact corporate brands.
Multi-factor authentication (MFA), which is a combination of username and password, can be used to secure social media accounts. James McQuiggan from KnowBe4 said that security is not always 100%. There are always risks.
McQuiggan said that cybercriminals are still trying to gain access to accounts, bypass MFA. Cybercriminals use a common strategy to socially engineer victims to gain access to a duplicate website so that it appears they are accessing a login page. The cybercriminal is actually stealing credentials and access tokens or any other key in order to bypass authorization.
Disney managed to quickly regain control over its accounts, but companies should plan how they will recover.
McQuiggan stated that if an account is compromised (especially for an enterprise organisation), there should be a section in the Incident Response Playbook to deal with it and to communicate to solve it. McQuiggan suggested that organizations could benefit from creating procedures and communication plans for third-party vendors to address the issue and working with internal leaders to clean up the mess.
