Fired Disney employee hacks into system, removes allergen information from restaurant menus, and goes on a rampage
A former Disney employee who was fired in June 2024 for misconduct was arrested and charged with hacking into a menu-creation software system used exclusively at
Criminal Complaint - disney-menu-hacker-complaint.pdf
(PDF file) https://regmedia.co.uk/2024/10/30/disney-menu-hacker-complaint.pdf
Ex-Disney techie arrested for potentially deadly menu hacks • The Register
https://www.theregister.com/2024/10/30/fired_disney_employee_hacks_menu/
Fired Disney worker allegedly changed peanut allergy information on menus
Michael Scheuer, who worked as a menu production manager at Disney, was fired by Disney in June 2024 for 'misconduct.' Disney has not disclosed Scheuer's misconduct.
'Disney did not respond to Scheuer's inquiries about his termination, so Scheuer is filing a complaint with the Equal Employment Opportunity Commission (EEOC),' Scheuer's attorney, David Haas, said in a statement.
Shortly after being fired by Disney, in July 2024, Scheuer used his still-functioning credentials to log into the restaurant's menu-creation software system and changed all the fonts in the system to Wingdings, a pygmy font that is a collection of decorative symbols.
'As a result of Scheuer's changes, font changes rippled throughout the database, rendering all menus in the database unusable. The changes took the system offline for several weeks and required restoration from backups to correct,' the lawsuit states.
Scheuer also altered the QR codes on the menus to redirect them to a website called
Additionally, Scheuer allegedly altered allergen information on menu items to falsely represent certain dishes as safe for customers with peanut allergies. However, the altered menu items were reportedly destroyed by Disney before being delivered to restaurants, so no customers were harmed.
Scheuer also exploited the accounts of at least 14 employees by creating scripts that would lock them out of their accounts by forcing them to log into the system thousands of times using incorrect passwords. Authorities say Scheuer targeted some employees with DoS attacks, and that 'files containing the home addresses, phone numbers and personal information of the targeted employees' relatives were stored on Scheuer's PC.'
According to the complaint, doorbell camera footage showed Scheuer showing up to the victim's home, which was the target of a DoS attack, on the evening of Oct. 22, 2024.
In response to these actions, the FBI conducted an investigation. On October 24, 2024, Scheuer was arrested and indicted on suspicion of violating the Computer Fraud and Abuse Act. The FBI pointed out that 'specifically, Scheuer knowingly and without authorization transmitted programs, information, code, or commands that caused damage to a protected computer in an amount of at least $5,000 (approximately 760,000 yen).'
According to The Register, Scheuer faces up to 15 years in prison if convicted of the charges. A detention hearing for Scheuer is scheduled for November 5, 2024.
Related Posts:
in Software, Posted by log1r_ut