Disney worker who hacked menus gets 3 years in prison

https://www.nytimes.com/2025/04/26/us/disney-worker-prison-hacking.html

24•jseip•9mo ago

Comments

mattl•9mo ago

Changing prices and adding profanity is one thing but when you alter the allergens on a menu you put people’s lives at risk.

sega_sai•9mo ago

From the article: "None of the changes, including falsified information about food allergens that could have been harmful to visitors, ever appeared before the public, according to court records."

EA-3167•9mo ago

It was caught through review, and the defense claimed that he knew that would be the case and therefore he put no one at risk. I'd argue that systems can fail, review can fail, and if that happened people could have died. Giving him credit for that seems absurd, and his claim that he just wanted attention is equally absurd. If you just want attention the profanity and price changes would achieve that.

Regardless he wasn't convicted of any crime related to potential harm to customers, he was convicted for hacking and identity theft.

SoftTalker•9mo ago

And probably only because Disney was his target and could pay a technical team unlimited money to investigate and spoon-feed the FBI and prosecutor everything they needed. A smaller chain or independent bar/restaurant would not have even gotten the time of day with a complaint about someone changing prices on a menu. And they would have been the ones in court defending any claims of injury due to undisclosed allergens, with only a vague claim of "our menu must have been hacked."

sokoloff•9mo ago

> he just wanted attention

Achievement unlocked.

erickhill•9mo ago

This is a dupe of an earlier submission https://news.ycombinator.com/item?id=43811864

shadowgovt•9mo ago

What credentials / access did he use to get into Disney's system after he was terminated?

squiffsquiff•9mo ago

Scheuer allegedly went into action quickly following his termination, and by early July was said to have used his work credentials, which still functioned after his termination, to access the menu creation system Disney contracted another company to create and change all the fonts in the system to wingdings symbols.

https://www.theregister.com/2024/10/30/fired_disney_employee...

shadowgovt•9mo ago

Okay. So while jail is probably appropriate given the potential threat of harm if nobody had reviewed the menus prior to their publication with the allergens stripped...

The tech community should not let Disney off the hook for failing to scrub the access credentials of a terminated employee. Because the law can punish one actor, but if the attack vector is still open, the public isn't safe from future more subtle incidents of menu manipulation (or other similar attacks by other disgruntled employees).

Is there any information on what Disney did after this incident to prevent another Scheuer in the future? The root of the attack is that the sFTP system was accessible via "credentials [that] were non-individualized, not specific to a particular user, and available for use by multiple employees with administrative access."

(I'm also a little unclear on whether this was all owned by Disney proper or they were farming this out to a third-party service provider company and that company screwed up. With so many entertainment venues in such a small area, Orlando is positively shot through with high-volume, hyper-focused service provider companies that do stuff like this).

IAmBroom•9mo ago

Yes! Disney should be more worried about their HR/IT practices, than one lone angry ex-employee.

And by worried, I mean: correcting lax or missing practices, not punishing scapegoats.

b8•9mo ago

The restitution seems too high. He probably was fired for going on mat leave as other companies have shown to do and wanted payback. The "unspecified misconduct" firing reason seems weird and they won't expand on it.

IAmBroom•9mo ago

"Probably".

Internet Experts(tm) are also telepaths.

We have no idea, and since his retaliation involved vandalism that could potentially harm bystanders, I'm going to go out on a limb and say... I have no idea why he was fired.

geor9e•9mo ago

Disney is quite famous for its strict allergen handling, to the point where people with deadly allergies who don't trust eating out anywhere else make an exception for Disney restaurants. So, were it not for this mass murder attempt, he probably would have gotten off a lot more lightly for some mischief charges.

Show HN: LocalGPT – A local-first AI assistant in Rust with persistent memory

OpenClaw Is Changing My Life

Haskell for all: Beyond agentic coding

SectorC: A C Compiler in 512 bytes (2023)

Total surface area required to fuel the world with solar (2009)

Software factories and the agentic moment

LLMs as the new high level language

Speed up responses with fast mode

Hoot: Scheme on WebAssembly

Brookhaven Lab's RHIC concludes 25-year run with final collisions

The Architecture of Open Source Applications (Volume 1) Berkeley DB

Stories from 25 Years of Software Development

Vocal Guide – belt sing without killing yourself

First Proof

Substack confirms data breach affects users’ email addresses and phone numbers

Show HN: I saw this cool navigation reveal, so I made a simple HTML+CSS version

Wood Gas Vehicles: Firewood in the Fuel Tank (2010)

Vouch

Al Lowe on model trains, funny deaths and working with Disney

Start all of your commands with a comma (2009)

Show HN: A luma dependent chroma compression algorithm (image compression)

LineageOS 23.2

The AI boom is causing shortages everywhere else

FDA intends to take action against non-FDA-approved GLP-1 drugs

OpenCiv3: Open-source, cross-platform reimagining of Civilization III

Where did all the starships go?

Selection rather than prediction

Show HN: Look Ma, No Linux: Shell, App Installer, Vi, Cc on ESP32-S3 / BreezyBox

Monty: A minimal, secure Python interpreter written in Rust for use by AI

Unseen Footage of Atari Battlezone Arcade Cabinet Production