It looks like Mickey Mouse might need a refresher on digital security.
On Thursday morning The Happiest Place on Earth’s Instagram and Facebook accounts were briefly taken over by a self-described “super-hacker” who claims to have sought revenge on Disneyland employees who supposedly mocked his “small penis.” The “hacker” possessed all the hallmarks of an unoriginal internet troll.
“WHO’S THE TOUGH GUY NOW JEROME,” the poster, who identified himself as David DO,” wrote according to a screenshot saved by CBS News. The offending posts reportedly began to pop up around 3:50 a.m. Pacific time but appear to have been removed at the time of writing.
In addition to the above posts, which featured the image of a glasses-wearing young man with black hair and dark eyes, CBS Los Angeles notes three additional posts and one Instagram story featuring racial slurs and unhinged tangents. In some of those posts, the hacker reportedly used the n-word, while in others he reportedly claimed to have, “invented COVID and blamed it on Wuhan.” This supposed world-class hacker also claimed he was “working on COVID20.”
In a statement emailed to Gizmodo, a Disneyland official confirmed both its Instagram and Facebook accounts were compromised.
“Disneyland Resort’s Facebook and Instagram accounts were compromised early this morning,” the official said. “We worked quickly to remove the reprehensible content, secure our accounts, and our security teams are conducting an investigation.”
Gizmodo reached out to several accounts on Instagram and Twitch that appear to match the image and handle of the poster and but we haven’t heard back.
The troll’s posts seemed limited to Disneyland’s Instagram and Facebook accounts, which at the time of writing boasts a combined 25 million followers. The most recent post on Disneyland’s Instagram account at the time of writing depicts a performance of The Lion King, dated six days old.
If this was, in fact, a “hack” it will likely bring back bad memories for security workers in the Disney orbit. Back in 2019, the then recently launched Disney+ subscription streaming service fell victim to hackers who reportedly acquired users’ credentials and sold them on the dark web.
Update: 1:25 P.M: Added a statement from Disney.