Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Security IT

Fired Employee Allegedly Hacked Disney World's Menu System to Alter Peanut Allergy Information (404media.co) 123

An anonymous reader shares a report: A disgruntled former Disney employee allegedly repeatedly hacked into a third-party menu creation software used by Walt Disney World's restaurants and changed allergy information on menus to say that foods that had peanuts in them were safe for people with allergies, added profanity to menus, and at one point changed all fonts used on menus to Wingdings, according to a federal criminal complaint.

The suspect in the case, Michael Scheuer, broke into a proprietary menu creation and inventory system that was developed by a third-party company exclusively for Disney and is used to print menus for its restaurants, the complaint alleges. The complaint alleges he did this soon after being fired by Disney using passwords that he still had access to on several different systems. Once inside the systems, he allegedly altered menus and, in once case, broke the software for several weeks.

"The threat actor manipulated the allergen information on menus by adding information to some allergen notifications that indicated certain menu items were safe for individuals with peanut allergies, when in fact they could be deadly to those with peanut allergies," the criminal complaint states. According to the complaint, the menus were caught by Disney after they were printed but before they were distributed to Disney restaurants. Disney's menus have extensive "allergy friendly" sections.

Fired Employee Allegedly Hacked Disney World's Menu System to Alter Peanut Allergy Information

Comments Filter:
  • Ah not to worry. (Score:4, Insightful)

    by Anonymous Coward on Wednesday October 30, 2024 @11:24AM (#64906277)

    Even if there were allergy problems that arose from this, chances are the victim would be a Disney+ subscriber, so Disney is legally in the clear!

    • Would be funny if peanut allergy was not actually lethal.

      • Re: (Score:2, Interesting)

        by cayenne8 ( 626475 )

        Would be funny if peanut allergy was not actually lethal.

        Has anyone figured out where this relatively NEW phenomena of peanut allergies has come from?

        There was NO such thing when I grew up as a kid....peanuts were at schools...hell on any given day, I'd say half the kids lunches in elementary school were PB&J's.....

        No scares...no mass dying of peanuts.

        So, what the hell caused this in the past couple decades?

        • Has anyone figured out where this relatively NEW phenomena of peanut allergies has come from?

          Agent Orange, perhaps?

        • Re:Ah not to worry. (Score:4, Informative)

          by transwarp ( 900569 ) on Wednesday October 30, 2024 @12:47PM (#64906635)
          We know that lack of exposure to peanuts as a baby can cause it (or exposure can prevent it, whichever way you want to see it). Studies with ethnic groups in the US and abroad where the US population didn't have peanuts in their babies' diets basically ruled out strong genetic factors.

          Now, I doubt the US baby peanut intake used to be high, so there's probably another thing causing the allergy to manifest after they're not pre-emptively exposed.
          • by RobinH ( 124750 )
            What's changed is that we went through a phase where expectant mothers were told not to eat peanuts or peanut butter. I suspect the kids born during that time-frame are more likely to be allergic. I know it's anecdotal but my wife ignored that advice and our kids don't have a peanut allergy. A mom friend of ours never ate peanut butter (she prefers nutella) and one of her kids has an allergy to peanuts (but not tree nuts). I suspect being exposed in the womb is similar to exposure as a baby.
        • For a while, peanut allergies caused peanut allergies. Overreaction to the peanut allergies led to parents delaying introducing peanuts and peanut butter to the diet and older kids not being allowed to take a PB&J sandwich to school. Lack of exposure leads to more allergies.

        • by lsllll ( 830002 )

          Jonathan Haidt talks about this exact topic in the last chapter of his book, The Coddling of the American Mind. It's due to overreaction on the parent's and community's side. Basically there were a few cases of peanut allergy and all of a sudden everyone thoughts "No big deal. I'll just keep my kids away from peanuts." But by keeping the kids away from them, their bodies didn't learn to cope with the possible allergen at an early age and then it was too late.

          The same thing happened with parents not allo

          • National Center for Missing and Exploited children reports approximately 4000 non-family abductions in 1984 and 58000 in 2004.
          • Nah, this is way too simplistic. That would mean there had to have been many times and many places throughout our history where entire societies were allergic to peanuts. I think they would have figured that out and we would have heard about it. In addition, I'm 100% sure there many, many mothers throughout the years that didn't like peanuts and didn't include them in their diet or their baby's. I mean, really think about the idea that a single generation can avoid a single food and it becomes 10 times
            • My opinion is these people survive, in the olden days they would just die if they had a peanut allergy in places where you could get peanuts. They may of not even known why they died. Now because of medical science people with peanut allergies breed so its no longer a evolutionary selection criteria.

        • by Nite_Hawk ( 1304 )

          No one really knows yet. We have immune system issues in my family ranging from Crohn's disease (both myself and my father) to nut and egg allergies. Some of the research that's come out specific to Crohn's disease is that people who live in or immigrate to western societies are more likely to develop it. There's also a correlation between Crohn's disease and northern latitudes. There appears to be both a biological and an environment component to it, but more people are getting it now than ever, but th

          • by kackle ( 910159 )
            Tack on to that that much of our immune systems' functionality comes from our gut (microbiome). And the poisons currently used on our food supply against weeds, insects and germs have been demonstrated to disrupt that microbiome. Oops.
        • by dbialac ( 320955 )
          Probably because they were dead.
        • Probably a mix of peanut allergy awareness and the generally greater amount of food diversity in a globalized economy.

          Peanut allergies generally come from not being exposed to peanuts at a young age. So as peanut allergy awareness went up, parents became scared to give their kids peanuts, which in turn means they're likely giving their kids peanuts allergies. Add in the schools that forbid peanuts because one kid has an allergy and it exacerbates the problem. There was even a period where the federal govern

        • Re:Ah not to worry. (Score:4, Informative)

          by garyisabusyguy ( 732330 ) on Wednesday October 30, 2024 @02:57PM (#64907047)

          This is a long and convoluted story

          Around 2000 doctors were concerned about a relatively rare malady that occurs when infants eat adult foods and experience a nearly fatal response

          It occurs in about 1 in 10,000 children, and as a result the American Pediatrics Association published a suggestion that parents strictly limit exposure of infants to anything but formula for the first six month of life

          The net results of this were a tragic rise in the instance of food allergies, particularly involving peanuts, but including shellfish, eggs, other nuts, etc...

          Some researchers noted that Israel has a popular infant food based on peanuts, and their population has a very low instance of food allergies

          They conducted a study of Ashkenazi (to limit effects of genetics, they are very similar groups in both Israel and Europe) children in both Europe and Israel, and found that the ones who limited food variety in infancy had food allergy issues that they other group did not experience

          Further studies such as Learning Early About Peanut (LEAP) trial (Du Toit G, et al. N Engl J Med. 2015;372:803-813). The study randomized 640 infants from 4-11 months of age with severe eczema and/or egg allergy to ingest or avoid peanut until 60 months of age. The study excluded infants with large positive skin prick tests (SPTs) to peanut, assuming they already were allergic, and stratified the enrolled infants as having no peanut SPT wheal or having one that was 1-4 millimeters in diameter.

          The results showed that in the negative SPT group, the prevalence of peanut allergy at age 5 was 13.7% in the avoidance group vs. 1.9% in the consumption group (plt0.001; 86.1% relative risk reduction). Among those in the SPT positive group, the prevalence of peanut allergy was 35.3% in the avoidance group and 10.6% in the consumption group (p=0.004; 70% relative risk reduction). [nih.gov]

          It is truly unfortunate that so many people now suffer from life-long food allergies due to the poorly thought out recommendations of well-meaning pediatricians

          It is even worse, that parents continue to follow these 'rules' and are causing life long problems for their own children

          Here is further reading for anybody who thinks they know better:
          https://publications.aap.org/a... [aap.org]
          https://publications.aap.org/p... [aap.org]
          https://pmc.ncbi.nlm.nih.gov/a... [nih.gov]
          https://www.nih.gov/news-event... [nih.gov]
          https://www.nih.gov/news-event... [nih.gov]

        • My son (8) has a peanut allergy. I asked his allergist about the cause and was told me that there's no clear consensus. There is apparently lots of evidence pointing to environmental causes and also lots of evidence pointing to genetic causes, while the actual truth probably has elements of both. It's also possible that different people have different causes.

          In a way he's lucky because he's repulsed by even the smell, and his reaction seems to be to vomit instead of going onto anaphylactic shock. I'm
          • s/was told me/was told/
          • I am sorry that you allergist does not trust you enough to let you now what happened (see my documentation above)

            Please go to this website and review the FDA suggested treatment for long-term resolution of peanut allergies

            https://acaai.org/health-care-... [acaai.org]

            There is a very good chance that you can keep your child from a life-long malady

        • by edwdig ( 47888 )

          Has anyone figured out where this relatively NEW phenomena of peanut allergies has come from?

          There's a ton of theories. And lots of conflicting studies.

          For a while there was evidence suggesting that peanut exposure at a really young age lead to increased odds of an allergy. That lead to guidance recommending avoiding peanuts until age 3. It might have progressed to 3 in stages, I'm not sure.

          Then there was evidence that aggressively avoiding peanuts actually increased the odds, so now the guidance is to introduce peanuts really early.

          There have been studies recently that suggest that if the mother t

        • Supposedly, and I am not a biology person, the contributing factor to the increase in peanut allergy is due to the recommendation to delay introducing peanuts in the diets of infants. Countries that do not have such a recommendation have not seen an increase. No idea if this is true, YMMV, etc
      • He should have went for the lactose intolerance angle and gave most people diarrhea instead of trying to commit murder.

        I wish more people would ask me about alternatives to murder. I'm REALLY good at not running around like a lunatic and murdering people.

        Hell, he could have taken up basket weaving. Maybe make designs showing the Steamboat Willie version of Mickey Mouse having steamy romance with Peg-Leg Pete.

      • Apparently, you didn't get the joke [npr.org], but I do wonder if these cases are curiously related.
    • Oh, Disney is definitely in the clear. The guy who did the hacking? He's gonna do prison time. For sure.
    • "By any of your bodily senses ever picking up on anything Disney, you automatically agree to never sue us."
  • Obvious Question (Score:5, Informative)

    by Rinnon ( 1474161 ) on Wednesday October 30, 2024 @11:28AM (#64906285)
    Whose job is it to offboard employees such that they aren't just leaving people with access to their systems after firing them? HR? IT? I'm looking at you. I mean... c'mon.
    • by Joviex ( 976416 )

      Whose job is it to offboard employees such that they aren't just leaving people with access to their systems after firing them? HR? IT? I'm looking at you. I mean... c'mon.

      Still have my accounts (active) after leaving 3 years ago. Its amazing, aint it? They fire the capable, and keep the morons.

      • - passwords deactivated
        - security keycard deactivated
        - The supervisor with at least 2 big burly security guards walks up to the worker
        - "You're fired"
        - 5 minutes with the big burly security guards flanking the worker as he clears his desk of all personal items
        - worker escorted of premisis /\
        --- all done in that order

        Yes, it's as cold, heartless, and efficient as it sounds, and I'm very surprised Disney does not do this.

        • I am guessing this is related to cloud hosted services with shared passwords. Two great gotchas for proper security protocols.

        • You're wrong.

          It's usually 15 minutes you're allowed before getting manhandled.

        • You kind of assume that both the IT department and management are organized well enough to do something in less than a week's time.

    • Whose job is it to offboard employees such that they aren't just leaving people with access to their systems after firing them? HR? IT? I'm looking at you. I mean... c'mon.

      As long as Disney can point to one specific culprit, already fired, they'll do so. Never mind shit policy and the entire chain of failure that led to this incident. Corporations are not responsible for anything. Individuals are. Unless its systemic and the only culprits sit on the board. Then nobody's responsible. It's just good business.

      • by timeOday ( 582209 ) on Wednesday October 30, 2024 @12:52PM (#64906655)
        Disney didn't force or even incentivize him to do this. Failing to prevent somebody from willfully committing a crime is not a crime.

        Committing a crime is a crime.

        • by gweihir ( 88907 )

          On the other hand, not revoking access is gross negligence. You know, the kind that makes you liable.

          • I agree that if this guy had managed to kill somebody they would have sued Disney not the guy, and failing to cut off his access would have cost Disney bigtime in that case.
            • by gweihir ( 88907 )

              If he had killed somebody, Disney would have been sued for compensation and this guy would have gone to prison for manslaughter. Well, he might still get some time behind bars to make it clear to him what he was doing there. Unfortunately we cannot reduce people like that to Kindergarten and make them try to become decent adults again.

    • Happens all the time. It is HR's job to offboard people and IT's job to remove their access. In any large organization, the communication between two groups reporting to different people is usually very poor. Even assuming HR remembers to inform IT, there is no reason to believe that there is someone in that organization whose job it is to take care of it.
      • Especially when "IT" means a mix of outsourcing companies which handle wildly different credential suites and access solutions.
        This happens in pretty much every corporation. Single Sign On is a wet dream.

      • Yeah, my old boss would regularly forget to tell me when people left or were let go. I'd eventually hear about it through random conversation and have to do periodic audits to check if any of these people were still working for us.

        Fortunately I practiced the principle of least privilege, so only a select few people (basically just 3 people, including myself) could do significant damage, and those were people I would know were gone pretty quickly. We also had very low turnover.

    • Maybe cut people a severance check once in a while. The classic: "No hard feelings. Here's 6 weeks if you promise to GTFO"

      • Someone looking to sabotage a former employer like this may not be persuaded with money. I have been through many layoff where severance was measured in months not weeks but some employees had to be escorted out immediately because they were so angry. And this was when layoffs were rumored to be happening soon.
    • by Njovich ( 553857 )

      The person that was fired should not criminally use systems after they get fired. Period. That's 'his job'. While it's a good habit to throw out old employee accounts, still having an old password does not make it OK to still use it in a way that harms the company or other people.

    • That job was moved overseas. Just like their turd party menu system.
    • Whose job is it to offboard employees such that they aren't just leaving people with access to their systems after firing them? HR? IT? I'm looking at you. I mean... c'mon.

      By the sounds of it, the ex-employee had pretty extensive knowledge of their IT systems. If the disgruntled ex-employee happened to have been a System Administrator, it's quite possible that he granted himself more access that what the HR department knows how to disable.

  • by Rosco P. Coltrane ( 209368 ) on Wednesday October 30, 2024 @11:33AM (#64906305)

    to put people's lives at risk because you have a beef with your employer.

    • The other things could be written off like pranks, but messing with allergy info isn't okay.

      • by Ksevio ( 865461 )

        Especially in that manner. If he had changed it so it said something like the Swedish Fish may contain shellfish that would be kind of funny and people with allergies could at least err on the side of caution and not eat anything

      • by gweihir ( 88907 )

        If somebody gets hurt or dies, it falls under (attempted) manslaughter. You have to be _really_ stupid to do something like this.

        • by sconeu ( 64226 )

          Depending on the jurisddiction, it could be considered Felony Murder.

          I'm not sure if Federal law includes such a provision.

    • The guy is a real mental case, but people typically don't just become that way for nothing. Something rotten led up to this even before he was terminated.
      • The guy is a real mental case, but people typically don't just become that way for nothing. Something rotten led up to this even before he was terminated.

        A mentally healthy person doesn't act like this no matter how badly they get treated at work.

        • by dbialac ( 320955 )
          What I've seen is that either a mentally healthy person has already found another job when their supervisors are abusive, or because other people in the organization like them, they get promoted over the supervisor and the former supervisor gets canned. Relationships matter, folks. It's not what you know, it's who you know and how you behave towards them.
        • by gweihir ( 88907 )

          Clearly. Why does this even need to be stated?

    • by gweihir ( 88907 )

      Indeed. However there are many crappy human beings that think the world is all about them and others do not matter.

    • by RobinH ( 124750 )
      Yeah, that's what I thought. This guy could easily end up with a manslaughter charge if something bad happened.
  • "The complaint alleges he did this soon after being fired by Disney ***using passwords that he still had access to on several different systems.***" Dumb, dumb, and dumb. I bet they didn't deactivate his key card before telling him he was fired either.
  • That's clear attempted murder, should be taken very seriously. Why are they only charging him with "computer fraud" .. he tried to kill people.

  • by iAmWaySmarterThanYou ( 10095012 ) on Wednesday October 30, 2024 @12:05PM (#64906439)

    Why do people do post-firing hacking on their former employer?

    They fired you. That sucks. You're not getting your job back. Work on your resume and move on. You hate them so much and cared so much about some dumb job and your stupid boss that you'd go to prison and fuck up your whole life to inflict some temporary harm on them? Super fucking crazy. No wonder he got fired. He was a psycho and a bad hire in the first place.

    Be it your former job or your ex-spouse or bf/gf or bff or your dog runs away, just move the fuck on. There is no benefit to going psycho on people who are now your past.

    • by gweihir ( 88907 )

      Why do people do post-firing hacking on their former employer?

      Because these people are deeply stupid and think it is all only about them. Gigantic egos, rather small skills. Common occurrence these days.

      There is no benefit to going psycho on people who are now your past.

      Indeed. But it takes a rational mind and some pragmatism to see that. There are plenty of people that fail this test.

    • Why do people do post-firing hacking on their former employer?... You're not getting your job back...

      Maybe you have a mellower temperament, but when a good portion of people are angry they are not thinking rationally. Reptilian fight-or-flight instincts kick in, and the urge to cause instant harm as retaliation is set to level 11.

      When I get riled up I try to go for a jog or long walk to burn off excess energy caused by adrenaline. Plus the journey gives me time to mellow out and think clearer. (Passer-by's

      • > Maybe you have a mellower temperament

        Lol, I've been called all sorts of things throughout my life but that's a first :-)

        Seriously though, I've worked about a dozen startups, for the Feds, for the state, for huge and medium corporations. I've survived countless layoffs, office ninja'd my way out of one firing, been laid off several times as the startups went under, been fired once and rage quit twice. But at no time ever have I ever no matter how badly or unfairly I was sometimes treated ever once con

  • by Malay2bowman ( 10422660 ) on Wednesday October 30, 2024 @12:19PM (#64906501)
    It just dawned on me that if he didn't do the profanity and wingdings, there is no telling how long the altered peanut allergy information would've gone unnoticed before someone might have gotten sick or died.
  • Damn, we thought Disney was the worst but taking peanut allergy info off of menus is a real concentrated bit of evil.

    One supposes this is Disney's available tech recruiting pool after what they paid Fritz Hollings to do?

    Still, attacking innocents like this is on par with the neverending pedo ring stings at Disney.

    Walt must be spinning in his cryogenic chamber.

  • One, it's sensational. Two, it doesn't make a whole lot of sense. Someone is smart enough to pull that off, but doesn't understand the extreme difference between embarrassing a company and endangering lives? This source offers a lot of sensational content with minimal external overlap. My skepticism of it grows with time.
  • by RogueWarrior65 ( 678876 ) on Wednesday October 30, 2024 @01:26PM (#64906777)

    Changing the font to Wingdings is amusing but it would be even funnier if the hacker used Comic Sans or... wait for it... Papyrus.

  • Clearly he deserved firing for being dumb. Instead of putting people at risk, he could have simply changed items that didn’t contain nuts, to say they did. Not only would this not risk harming people with nut allergies, it would subtly reduce the sales of that item, costing Disney money in lost sales. If he didn’t have the sense to do it that way round, he doesn’t pass the minimum intelligence test to have a job.

Any sufficiently advanced technology is indistinguishable from a rigged demo.

Working...