Last Thursday, Disneyland had their Facebook and Instagram accounts taken over by a self-proclaimed “super hacker” who posted racist and homophobic posts.
The threat actor, operating under the name “David Do”, claimed that he was seeking “revenge” on Disneyland employees after some of them had allegedly insulted him.
One of the posts read: “I am a super hacker that is here to bring revenge upon Disneyland […] Who’s the tough guy now Jerome?”
The hacker also published posts claiming to have “invented” COVID-19 and further claimed that he was working on a new “COVID20” virus.
The hacker posted four posts to Disneyland’s Instagram account before 5am PR, according to a follow up post on the official Disneyland blog.
The post said: “The hacker also tagged several other Instagram accounts, but it is unknown if they are friends and will help lead police to the hacker.”
He also encouraged users to follow his private Instagram account.
His posts received thousands of angry and shocked comments from Disney’s 8.4 million followers.
The Disneyland Facebook and Instagram accounts were temporarily taken down shortly after the posts went live and were subsequently brought back online after the team had removed the posts. The other social media pages run by the park appeared to be unaffected.
The Disneyland blog continues: “It’s not known how this person managed to gain access to the Disneyland Instagram account. Was it a stranger hack or a previous employee with access to the logins?”
“We worked quickly to remove the reprehensible content, secure our accounts and our security teams are conducting an investigation.”
A version of the (censored) posts remains available on the Disneyland blog.
The incident comes almost a year after three Disney theme park employees were arrested in Florida as part of an operation to catch sexual predators who target children via the internet.
