Disneyland hack reveals the dangers of taking over social media accounts
We're excited to bring Transform 2022 back in person on July 19 and virtually from July 20-28. Join leaders in AI and data for in-depth discussions and exciting networking opportunities. Sign up today!
Yesterday, Disneyland Anaheim's Instagram and Facebook accounts were hacked by a self-proclaimed "super hacker" going by the name David Do, who posted racist and homophobic messages on the accounts.
The attack appears to have been motivated by a negative experience with the brand, with the attacker stating he was "here for revenge on Disney land [sic]", and tired of Disney employees "laughing" from him.
While Disneyland quickly regained control of the account and deleted the posts, the event was a public relations nightmare that left millions of visitors and families exposed to hateful and offensive content, particularly on Instagram Disneyland Anaheim, which has 8.4 million subscribers. .
For other organizations, the Disneyland breach underscores that while platforms such as Facebook and Instagram can help reach a wider audience, they also open the door to the takeover of social media accounts, which an attacker can use to seriously damage your reputation.
EventTransform 2022
Join us at the leading Applied AI event for enterprise business and technology decision makers on July 19 and virtually July 20-28.
register hereWhile it's unclear how the hacker gained access to Disneyland's social accounts, Aaron Turner, CTO of SaaS Protect at California-based AI cybersecurity provider Vectra, believes social media companies are responsible provide organizations with poor authentication mechanisms.
"From an identity and access perspective, I've always been disappointed that major social media and internet publishing don't allow their biggest sponsors to use strong authentication and federated identities to protect their brands," Turner said.
One of the main problems with social media accounts, and the reason why accounts are vulnerable to account takeover attempts, is that they rely on password authentication, which is susceptible to to steal credentials.
According to the Verizon 2022 Data Breach Investigations report, last year 50% of breaches were caused by stolen credentials.
"Because Instagram forced Disney to use a low-security authentication mechanism, essentially something that wouldn't be considered enterprise-grade authentication with proper logging, monitoring, and anomaly detection, this created an opportunity for this online vandalism to take place,” Turner says.
Turner points out that social media account spoofing is a very simple way for a malicious actor to seriously damage an organization's reputation. Therefore, organizations should be aware that the use of social media poses reputational risks that need to be managed.
While it is not fair to speculate how the attacker gained access to the Disneyland accounts, it is true that credential theft plays a significant role in many attempts to hack Disneyland accounts. social networks.
In fact, research shows...
We're excited to bring Transform 2022 back in person on July 19 and virtually from July 20-28. Join leaders in AI and data for in-depth discussions and exciting networking opportunities. Sign up today!
Yesterday, Disneyland Anaheim's Instagram and Facebook accounts were hacked by a self-proclaimed "super hacker" going by the name David Do, who posted racist and homophobic messages on the accounts.
The attack appears to have been motivated by a negative experience with the brand, with the attacker stating he was "here for revenge on Disney land [sic]", and tired of Disney employees "laughing" from him.
While Disneyland quickly regained control of the account and deleted the posts, the event was a public relations nightmare that left millions of visitors and families exposed to hateful and offensive content, particularly on Instagram Disneyland Anaheim, which has 8.4 million subscribers. .
For other organizations, the Disneyland breach underscores that while platforms such as Facebook and Instagram can help reach a wider audience, they also open the door to the takeover of social media accounts, which an attacker can use to seriously damage your reputation.
EventTransform 2022
Join us at the leading Applied AI event for enterprise business and technology decision makers on July 19 and virtually July 20-28.
register hereWhile it's unclear how the hacker gained access to Disneyland's social accounts, Aaron Turner, CTO of SaaS Protect at California-based AI cybersecurity provider Vectra, believes social media companies are responsible provide organizations with poor authentication mechanisms.
"From an identity and access perspective, I've always been disappointed that major social media and internet publishing don't allow their biggest sponsors to use strong authentication and federated identities to protect their brands," Turner said.
One of the main problems with social media accounts, and the reason why accounts are vulnerable to account takeover attempts, is that they rely on password authentication, which is susceptible to to steal credentials.
According to the Verizon 2022 Data Breach Investigations report, last year 50% of breaches were caused by stolen credentials.
"Because Instagram forced Disney to use a low-security authentication mechanism, essentially something that wouldn't be considered enterprise-grade authentication with proper logging, monitoring, and anomaly detection, this created an opportunity for this online vandalism to take place,” Turner says.
Turner points out that social media account spoofing is a very simple way for a malicious actor to seriously damage an organization's reputation. Therefore, organizations should be aware that the use of social media poses reputational risks that need to be managed.
While it is not fair to speculate how the attacker gained access to the Disneyland accounts, it is true that credential theft plays a significant role in many attempts to hack Disneyland accounts. social networks.
In fact, research shows...
What's Your Reaction?
![Three of ID's top PR executives quit ad firm Powerhouse [EXCLUSIVE]](https://variety.com/wp-content/uploads/2023/02/ID-PR-Logo.jpg?#){kind=logo}
