Disney worker who hacked menus gets 3 years in prison

https://www.nytimes.com/2025/04/26/us/disney-worker-prison-hacking.html

24•jseip•9mo ago

Comments

mattl•9mo ago

Changing prices and adding profanity is one thing but when you alter the allergens on a menu you put people’s lives at risk.

sega_sai•9mo ago

From the article: "None of the changes, including falsified information about food allergens that could have been harmful to visitors, ever appeared before the public, according to court records."

EA-3167•9mo ago

It was caught through review, and the defense claimed that he knew that would be the case and therefore he put no one at risk. I'd argue that systems can fail, review can fail, and if that happened people could have died. Giving him credit for that seems absurd, and his claim that he just wanted attention is equally absurd. If you just want attention the profanity and price changes would achieve that.

Regardless he wasn't convicted of any crime related to potential harm to customers, he was convicted for hacking and identity theft.

SoftTalker•9mo ago

And probably only because Disney was his target and could pay a technical team unlimited money to investigate and spoon-feed the FBI and prosecutor everything they needed. A smaller chain or independent bar/restaurant would not have even gotten the time of day with a complaint about someone changing prices on a menu. And they would have been the ones in court defending any claims of injury due to undisclosed allergens, with only a vague claim of "our menu must have been hacked."

sokoloff•9mo ago

> he just wanted attention

Achievement unlocked.

erickhill•9mo ago

This is a dupe of an earlier submission https://news.ycombinator.com/item?id=43811864

shadowgovt•9mo ago

What credentials / access did he use to get into Disney's system after he was terminated?

squiffsquiff•9mo ago

Scheuer allegedly went into action quickly following his termination, and by early July was said to have used his work credentials, which still functioned after his termination, to access the menu creation system Disney contracted another company to create and change all the fonts in the system to wingdings symbols.

https://www.theregister.com/2024/10/30/fired_disney_employee...

shadowgovt•9mo ago

Okay. So while jail is probably appropriate given the potential threat of harm if nobody had reviewed the menus prior to their publication with the allergens stripped...

The tech community should not let Disney off the hook for failing to scrub the access credentials of a terminated employee. Because the law can punish one actor, but if the attack vector is still open, the public isn't safe from future more subtle incidents of menu manipulation (or other similar attacks by other disgruntled employees).

Is there any information on what Disney did after this incident to prevent another Scheuer in the future? The root of the attack is that the sFTP system was accessible via "credentials [that] were non-individualized, not specific to a particular user, and available for use by multiple employees with administrative access."

(I'm also a little unclear on whether this was all owned by Disney proper or they were farming this out to a third-party service provider company and that company screwed up. With so many entertainment venues in such a small area, Orlando is positively shot through with high-volume, hyper-focused service provider companies that do stuff like this).

IAmBroom•9mo ago

Yes! Disney should be more worried about their HR/IT practices, than one lone angry ex-employee.

And by worried, I mean: correcting lax or missing practices, not punishing scapegoats.

b8•9mo ago

The restitution seems too high. He probably was fired for going on mat leave as other companies have shown to do and wanted payback. The "unspecified misconduct" firing reason seems weird and they won't expand on it.

IAmBroom•9mo ago

"Probably".

Internet Experts(tm) are also telepaths.

We have no idea, and since his retaliation involved vandalism that could potentially harm bystanders, I'm going to go out on a limb and say... I have no idea why he was fired.

geor9e•9mo ago

Disney is quite famous for its strict allergen handling, to the point where people with deadly allergies who don't trust eating out anywhere else make an exception for Disney restaurants. So, were it not for this mass murder attempt, he probably would have gotten off a lot more lightly for some mischief charges.

Start all of your commands with a comma

OpenCiv3: Open-source, cross-platform reimagining of Civilization III

The Waymo World Model

How we made geo joins 400× faster with H3 indexes

Jeffrey Snover: "Welcome to the Room"

Unseen Footage of Atari Battlezone Arcade Cabinet Production

Show HN: Look Ma, No Linux: Shell, App Installer, Vi, Cc on ESP32-S3 / BreezyBox

Vocal Guide – belt sing without killing yourself

Monty: A minimal, secure Python interpreter written in Rust for use by AI

Show HN: I spent 4 years building a UI design tool with only the features I use

Hackers (1995) Animated Experience

Sheldon Brown's Bicycle Technical Info

Microsoft open-sources LiteBox, a security-focused library OS

Show HN: If you lose your memory, how to regain access to your computer?

Where did all the starships go?

An Update on Heroku

ga68, the GNU Algol 68 Compiler – FOSDEM 2026 [video]

Was Benoit Mandelbrot a hedgehog or a fox?

PC Floppy Copy Protection: Vault Prolok

Dark Alley Mathematics

How to effectively write quality code with AI

Delimited Continuations vs. Lwt for Threads

Female Asian Elephant Calf Born at the Smithsonian National Zoo

I now assume that all ads on Apple news are scams

Introducing the Developer Knowledge API and MCP Server

Understanding Neural Network, Visually

I spent 5 years in DevOps – Solutions engineering gave me what I was missing

The AI boom is causing shortages everywhere else

Why I Joined OpenAI

Learning from context is harder than we thought