I’ll Take the User Permissions, Hold the Peanuts

Disney is all about magic and wonder, but something shocking almost happened with their park menus. A former Disney employee got into a menu app and made some dangerous changes. They messed with the allergen info on the menus, saying some foods were safe for people with peanut allergies when they weren’t. That could’ve been deadly.

Luckily, Disney caught it in time. The FBI got involved and said there’s no proof that any guests saw the fake menus. This wasn’t connected to a tragic event in 2023 when someone had a deadly allergic reaction at a Disney-owned restaurant.

What Went Wrong?

This all started because someone still had access to Disney’s systems when they shouldn’t have. The former employee, Michael Schuer, used his old work logins to make the changes. He even got into the app developer’s server.

What tipped Disney off? The prankster used the Wingdings font on the menus, a weird, unreadable font. That’s when Disney’s team spotted the issue and shut the app down. Before that, the hacker caused more trouble by locking employee accounts with repeated login attempts.

How Could This Have Been Stopped?

This whole mess could’ve been avoided if Disney had removed the ex-employee’s login access as soon as they left the company. That’s a basic rule for keeping systems safe.

Companies should always follow the Principle of Least Privilege. This means only giving employees access to the stuff they absolutely need to do their jobs. And when someone leaves, their access should be removed immediately.

Want to keep your business safe? Always pay attention to who has access and act fast when someone leaves. For more information about how we can help, give us a call today at (978) 482-2020.