Need to alert Disney's IT department of MAJOR SECURITY glitch

Status
Not open for further replies.
I don't know how you all get in to any account. When I sign in mine comes up for split second, long enough for me to see my name, and then goes back to the sign in page. The number I was given to call for support has a wait of 30 minutes or longer. I saw this thread right after that starting happening but gave it a day to see if things would change.
 
Exactly. When major retailers have a security breach involving credit card info it is ALL OVER the news. Customers are contacted that their credit card info *may* have been compromised and advised how to move forward. If this is happening on an ongoing basis with Disney, why isn't it a major news story? And why are those of us with MDE accounts not being informed by Disney that glitches are occurring and to please delete our card info to be on the safe side?
Agreed. I hope Disney is investigating this to assess the magnitude.

We've been affected by too many breaches (Home Depot, Equifax, Chili's, OPM, etc.). We really need to know if this is a situation where personal information may have been compromised.

Mike
 
I don't know how you all get in to any account. When I sign in mine comes up for split second, long enough for me to see my name, and then goes back to the sign in page. The number I was given to call for support has a wait of 30 minutes or longer. I saw this thread right after that starting happening but gave it a day to see if things would change.
Interesting. That hasn't my experience. I just logging into to see if it would do that and I logged in once and got to all the various screens without having to login again. This whole system seems to some weird inconsistencies.

Mike
 


This chilled me to the bone. This is the first time I experience something like that with the application. Disney's IT have to deploy software patches immediately. The fact that my family's information is not secured and can be exposed is unsettling.
What worries me is that in order to deploy a patch assumes they know what the problem is and that a patch has been written to fix the problem. It's a race to find and fix the problem before someone else realizes there's an opportunity here and exploits it.

We've been affected by too many breaches already. We don't need another one.

Mike
 
Interesting. That hasn't my experience. I just logging into to see if it would do that and I logged in once and got to all the various screens without having to login again. This whole system seems to some weird inconsistencies.

Mike
I only log in once and click all over the site looking at my trip and personal info.
 
I had this happen about a year ago. I logged in, and in addition to my family’s info, I saw another family’s info as well. I even could have reassigned their park tickets! Ridiculous. As much as I dislike the recent update (I get stuck in loops that direct me to log-in over and over and over...never getting me to the page I want. I’ve had to call several times this week just to do things like make a reservation. And when I made the reservation, I then discovered it was made for two adults instead of for myself and my 7 year-old DD. So I had to call again to fix it). This is not anything new, though. This glitch has been happening for some time. I will never understand Disney technology!
 


This is what happens when a major company fires HUNDREDS of American IT workers and then literally forces them to stay to train their foreign replacements (making pennies on the dollar) or they don’t get their severance package. In IT, as in most things, you get what you pay for. Now you see why Disney IT is a hot mess.

Since I’m not allowed to post links, here’s the story of how this IT downfall began in 2016. I encourage you to research for yourselves.

————————————
Disney 'forced 250 of its American IT workers to train up the Indian workers who replaced them'

Walt Disney Parks and Resorts is being sued by 30 former IT staff from its Florida offices who claim they were unfairly replaced by foreign workers - but only after being forced to train them up.

The suit, filed Monday in an Orlando court, alleges that Disney laid off 250 of its US IT staff because it wanted to replace them with staff from India, who were hired in on H-1B foreign employee visas.



After all IT worked so well before they did this didn’t it?

Nope. This is always been a disaster of a shop.


While I would like those people to get their jobs back I don’t think that’s going to fix our problems
 
I don't really want to be seen as a company apologist here, as I'm as annoyed by technical glitches as anyone else and think it's entirely valid and helpful to report bugs.

But people are saying things like -
I hope Disney is looking into this -- when there's no conceivable way people aren't pulling long hours to troubleshoot and squash bugs. It's possible that it's squashed already as soon as they saw it was happening. And if it happens again, let them know so they can figure out how to replicate the issue.
The company refuses to spend money on application development - when MDE has a huge ongoing development budget, to say nothing of the initial billion+ dollar project that it was part of.
Disney just lays people off - but hiring is cyclical. And outsourcing does happen but it often permits more investment here at home. In any case, some people complain about cutbacks over decades and the truth is that there has been net expansion in jobs and projects, including MDE itself.
 
After all IT worked so well before they did this didn’t it?

Nope. This is always been a disaster of a shop.


While I would like those people to get their jobs back I don’t think that’s going to fix our problems
Well, at the very least, at no point in the past has anyone logged into the Disney website to see other familes’ detailed vacation plans, which is happening here today, so...
 
I don't really want to be seen as a company apologist here, as I'm as annoyed by technical glitches as anyone else and think it's entirely valid and helpful to report bugs.

But people are saying things like -
I hope Disney is looking into this -- when there's no conceivable way people aren't pulling long hours to troubleshoot and squash bugs. It's possible that it's squashed already as soon as they saw it was happening. And if it happens again, let them know so they can figure out how to replicate the issue.
The company refuses to spend money on application development - when MDE has a huge ongoing development budget, to say nothing of the initial billion+ dollar project that it was part of.
Disney just lays people off - but hiring is cyclical. And outsourcing does happen but it often permits more investment here at home. In any case, some people complain about cutbacks over decades and the truth is that there has been net expansion in jobs and projects, including MDE itself.
When I said I hoped they were looking into this, I was referring to the personal information/data breach aspect of this. I'm sure this is already an all hands on deck situation to find and plug the hole. I suspect they knew about it before we did...at least I hope so.

I don't want to this to wind up being another Uber situation.

Well, at the very least, at no point in the past has anyone logged into the Disney website to see other familes’ detailed vacation plans, which is happening here today, so...
There is a poster in this thread stating this happened to them about a year ago so it apparently has happened in the past.

Mike
 
I don't know how you all get in to any account. When I sign in mine comes up for split second, long enough for me to see my name, and then goes back to the sign in page. The number I was given to call for support has a wait of 30 minutes or longer. I saw this thread right after that starting happening but gave it a day to see if things would change.

Mine has been doing this exact same thing for a few days now and it's beyond frustrating!!!! I have tried doing a hard shutdown of my laptop, clearing the history, trying different search browsers....nothing seems to work. Have you had any luck getting thru to support? Would you mind posting their number, I will also try calling tomorrow. Thank you!



 
Last edited:
Exactly. When major retailers have a security breach involving credit card info it is ALL OVER the news. Customers are contacted that their credit card info *may* have been compromised and advised how to move forward. If this is happening on an ongoing basis with Disney, why isn't it a major news story? And why are those of us with MDE accounts not being informed by Disney that glitches are occurring and to please delete our card info to be on the safe side?
Because when your retailer has a breach, most times it is through the merchant services 3rd party business. There the entire CC number, your expiration date and the other information stored on the magneticc strip. I don't think that this has the opportunity to access your credit card.
 
After all IT worked so well before they did this didn’t it?

Nope. This is always been a disaster of a shop.


While I would like those people to get their jobs back I don’t think that’s going to fix our problems

There's a different group that manages the load balancers vs the developers, possibly geographically separated. The sessions are timing out and moving people to a different server and the session IDs are inexplicably being reused.

Without getting into the weeds technically, it's not likely you can actually change someone else's bookings. That said, the fix will be tricky, so don't hold your breath.
 
Because when your retailer has a breach, most times it is through the merchant services 3rd party business. There the entire CC number, your expiration date and the other information stored on the magneticc strip. I don't think that this has the opportunity to access your credit card.
If someone accidentally views you profile they can see your last for of the card, you name as it appears on your card, and the expiration date. In the wrong hands that can be very useful.

IMHO, the real problem would be a hacker gets wind of people being able to see other peoples accounts and then attack and exploit the security hole. They your whole card number is within their grasp. And make no mistake about it, if there's a situation where one person can see another persons account then that's a security hole that can be exploited.

Hopefully that hole is plugged already.

Mike
 
Hopefully that hole is plugged already.

It's virtually impossible to know which session you'd see if/when you timed it just right to be shown another session's information. So while it is true that there is a serious data exposure issue, it's still highly unlikely you'd be able to correlate it with someone you know. That other random person just happens to be logged in at the same time on a different server. Next time it'll be a totally different random person's info.
 
I don't know how you all get in to any account. When I sign in mine comes up for split second, long enough for me to see my name, and then goes back to the sign in page. The number I was given to call for support has a wait of 30 minutes or longer. I saw this thread right after that starting happening but gave it a day to see if things would change.

Just in case it's helpful... I had the same issue with an airline I was trying to log in with. It turned out the problem was at my end, I'd blocked enough cookies that the website wasn't able to stay logged in and would kick me out a moment after I did, every time. I can get a bit block-happy lol.
 
Exactly. When major retailers have a security breach involving credit card info it is ALL OVER the news. Customers are contacted that their credit card info *may* have been compromised and advised how to move forward. If this is happening on an ongoing basis with Disney, why isn't it a major news story? And why are those of us with MDE accounts not being informed by Disney that glitches are occurring and to please delete our card info to be on the safe side?

Ummm that's definitely not true. Yes you heard about those breaches all over the news, but it was MONTHS after the breaches actually occurred. Many times these breaches can go on for several months on their own. And the fact is many of these breaches occur and you never know about it. The card issuer is generally prohibited from telling you why they are requiring you to get a new card and in many cases they don't even know. They are only given a batch of potential affected cards and told to stop them and re-issue.

Because when your retailer has a breach, most times it is through the merchant services 3rd party business. There the entire CC number, your expiration date and the other information stored on the magneticc strip. I don't think that this has the opportunity to access your credit card.

Yep probably right. It is very possible sensitive information may be exposed on the MDE app right now. Seeing other people's plans doesn't really have much to do with that in my experience. If critical info is accessed in the same way generic information is through backchannels of MDE then there are much bigger problems. I would agree Disney IT is about as unreliable as it gets, but doubt even they would have it setup that way.
 
If this happens again.... anyone.... take a screen shot and print it or save it. Make sure the date and time are on it. At least then, if you report it, they will have something to look at to try to figure out what's happened.
 
Status
Not open for further replies.

GET A DISNEY VACATION QUOTE

Dreams Unlimited Travel is committed to providing you with the very best vacation planning experience possible. Our Vacation Planners are experts and will share their honest advice to help you have a magical vacation.

Let us help you with your next Disney Vacation!






Top