Cyber Incident Victim: The Walt Disney Company

On July 7, 2022, Disneyland Resort’s official Facebook and Instagram accounts were compromised by an attacker identifying as “David Do.” The hacker posted multiple offensive images featuring a person alongside messages laden with expletives, including repeated use of racial and homophobic slurs. The attacker claimed to be a “super hacker” during the breach. The compromised accounts, which collectively had approximately 8.4 million followers, disseminated these posts for several hours before Disneyland’s security teams intervened. The company swiftly removed the objectionable content, temporarily took down the affected accounts, and initiated an internal investigation to determine the scope and origin of the compromise. A Disneyland spokesperson confirmed the incident, emphasizing efforts to secure the accounts and address the “reprehensible” material.

The breach caused immediate reputational disruption due to the high visibility of Disneyland’s social media presence. While no customer data theft or financial motives were identified, the incident highlighted the risk of non-financial attacks targeting brand integrity. Industry experts, including Arctic Wolf’s Ian McShane, noted that high-follower accounts remain attractive targets for threat actors seeking to inflict reputational harm rather than steal data. The event occurred shortly after the British Army’s social media accounts were similarly hijacked for cryptocurrency scams, underscoring broader vulnerabilities in organizational social media management. Disneyland’s response focused on containment via content removal and account security restoration, with no further operational disruptions disclosed. The investigation remained ongoing at the time of reporting, with no additional attacker motives or methodologies confirmed.