Breach, Threat Management

Social media takeover attack hits Disneyland

VentureBeat reports that Disneyland had its Facebook and Instagram accounts defaced with homophobic and racist posts by a threat actor using the alias "David Do," who appears to have been mulling revenge on Disneyland after a negative experience at the amusement park. Offensive and hateful posts have been promptly removed after Disneyland reclaimed the hacked accounts. Such an incident highlights the threat of social media account takeovers, with the particular case resulting from social media firms' weak authentication mechanisms, according to Vectra Chief Technology Officer Aaron Turner. "Because Instagram forced Disney to use a low-security authentication mechanism, essentially something that would not qualify as enterprise-grade authentication with appropriate logging, monitoring, and anomaly detection, it created an opportunity for this online vandalism to take place," Turner added. Keeper Security co-founder and CTO Craig Lurey called on organizations to implement security controls to ensure online account security. "Password managers can easily protect social media accounts with strong, unique passwords and can also protect the second factor (TOTP code). Social media accounts can also be shared from vault-to-vault securely among a marketing or social media team with role-based access controls and audit trails," said Lurey.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.