Ex-Disney Employee Charged With Hacking Menu Database
In a vengeful move against the happiest place on Earth, the former employee allegedly used his old credentials to make potentially deadly changes.
A former Disney employee was arrested and charged after allegedly hacking into the company's systems and altering its restaurant menus.
Michael Scheuer, an ex-menu production manager at Disney, was charged with violating the Computer Fraud and Abuse Act (CFAA) on three different occasions.
He was fired from this position in June, after unspecified misconduct; his dismissal was described as "contentious" and "not considered to be amicable," according to court documents.
Scheuer allegedly used his work credentials, which were still functioning after his termination, to log into the Disney menu creation system contracted by a third-party company and change the fonts in the system to Wingdings symbols.
When the menu creator was launched, it would reach for these altered font files, believing them to be correct.
"As a result of this change, all of the menus within the database were unusable because the font changes propagated throughout the database," read the complaint.
Scheuer also allegedly deleted allergen information from the menus, suggesting some foods were safe when they weren't, leading to potentially deadly consequences. The menus were identified and isolated by Disney before they could be shipped.
The menu changes caused the system to go offline for a couple of weeks and required backup to restore.
Scheuer has also been accused of being the root cause of several distributed denial-of-service attacks against several Disney employees, their information found in a folder on one of Scheuer's virtual machines, labeled "dox." According to the FBI, the evidence found in the investigation pointed to Scheuer as the perpetrator. He has been charged on two violations of the CFAA and remains in jail pending a bond hearing. If found guilty, he faces up to 15 years in prison.
About the Author
You May Also Like
A Cyber Pros' Guide to Navigating Emerging Privacy Regulation
Dec 10, 2024Identifying the Cybersecurity Metrics that Actually Matter
Dec 11, 2024The Current State of AI Adoption in Cybersecurity, Including its Opportunities
Dec 12, 2024Cybersecurity Day: How to Automate Security Analytics with AI and ML
Dec 17, 2024The Dirt on ROT Data
Dec 18, 2024