According to a criminal complaint filed in the United States District Court for the Middle Court of Florida, Michael Scheuer is accused of hacking into a third party’s menu creation software using unchanged passwords after his termination to change menu item listings.
Scheuer’s job title was “Menu Production Manager,” and the complaint lists his firing date as “on or about June 13, 2024” for “misconduct.” From there, it is alleged that he caused issues with Walt Disney World’s menu listings.
While Disney is not being identified by name, 404 Media claims they confirmed that “Company A” is indeed Disney.
The complaint alleges that Scheuer ” was responsible for the creation and publishing of menu items for the entire restaurant portfolio of Company A.”
It also states that, over three months, multiple “computer intrusions” into the Menu Creator servers and “manipulations” were made to the menus of restaurants owned and operated by the company after his dismissal.
One allegation involves public health and safety
The more significant issue is that the bad actor made changes that could “threaten public health and safety” by “manipulating the allergen information on menu items that contain peanut allergens. The individual marked them safe for those with peanut allergies, which could have resulted in severe illness or death.
These changes were reflected on printed menus meant for restaurants. However, they were caught before distribution.
“On September 16, 2024, Company A identified menus that were printed
from SFTP Server 1 with the altered allergen information and pricing changes. More
specifically, the threat actor added notations to menu items indicating they were safe
for people with specific allergies, which has potentially fatal consequences depending
on the severity of the customers’ allergies. It is believed these menus were identified
and isolated by Company A prior to being shipped out to restaurants and were not
distributed further.”
Other alleged sabotage.
Another issue involved replacing all fonts with (wingdings) symbols, making all menus in the database unusable. This necessitated taking down the entire site to reboot with backup menus. This necessitated shutting down the system for one to two weeks.
The passwords were changed at this point, but Scheuer is accused of manually conducting a DoS attack and then using a script to attempt to log into the system incorrectly. Doing this thousands of times (over 100,000) caused the system to lock approved users out.
14 users were targeted specifically, and upon investigation, they all had a connection to Scheuer and were “upper management.”
Eventually, a search warrant was issued for Scheuer’s residence.
It’s very concerning that this individual allegedly went as far as to endanger guests with menu changes to allergy information, especially given the recent death of a doctor at Disney Springs.
These two cases are not related.
You can read more on the case filing here.
It is, of course, possible that “Company A” is not Disney, but no matter who it is, this is a serious issue that is estimated to have cost the company over $150,000 in damages.
What do you think? Comment and let us know!
Pirates & Princesses (TM) (Stylized as PNP) is an independent, opinionated News and Information site focused on Travel, Entertainment, Fashion, the “Geek Girl” Lifestyle, and more. We focus heavily on Walt Disney World, Disneyland, Universal Orlando Resort, and other themed entertainment and travel destinations. Our news staff includes former theme park and entertainment industry employees, journalists and dedicated pop culture and theme park enthusiasts. Opinions expressed by contributors do not necessarily reflect the views of this site, our affiliates or our sponsors.