Need to alert Disney's IT department of MAJOR SECURITY glitch

Discussion in 'Theme Parks Attractions and Strategies' started by *I'msoooBelle*, Oct 3, 2018.

Thread Status:
Not open for further replies.
  1. Boski

    Boski DIS Veteran

    Joined:
    Jun 17, 2012
    Messages:
    749
    With how screwed up MDE is on the front end, can you imagine what the back end looks like? :eek:
     
  2. joan4mickey

    joan4mickey DIS Veteran

    Joined:
    May 7, 2006
    Messages:
    2,241
    I don't know how you all get in to any account. When I sign in mine comes up for a split second, long enough for me to see my name, and then goes back to the sign in page. The number I was given to call for support has a wait of 30 minutes or longer. I saw this thread right after that started happening but gave it a day to see if things would change.
     
  4. MicroBeta

    MicroBeta 6equj5 WOW!

    Joined:
    May 27, 2017
    Messages:
    131
    Agreed. I hope Disney is investigating this to assess the magnitude.

    We've been affected by too many breaches (Home Depot, Equifax, Chili's, OPM, etc.). We really need to know if this is a situation where personal information may have been compromised.

    Mike
     
  5. MicroBeta

    MicroBeta 6equj5 WOW!

    Joined:
    May 27, 2017
    Messages:
    131
    Interesting. That hasn't been my experience. I just tried logging in to see if it would do that, and I logged in once and got to all the various screens without having to log in again. This whole system seems to have some weird inconsistencies.

    Mike
     
    snappy, Searc and lambdabeta like this.
  6. MicroBeta

    MicroBeta 6equj5 WOW!

    Joined:
    May 27, 2017
    Messages:
    131
    What worries me is that deploying a patch assumes they know what the problem is and that a patch has been written to fix the problem. It's a race to find and fix the problem before someone else realizes there's an opportunity here and exploits it.

    We've been affected by too many breaches already. We don't need another one.

    Mike
     
  7. Searc

    Searc Mouseketeer

    Joined:
    Aug 12, 2018
    Messages:
    79
    I only log in once and click all over the site looking at my trip and personal info.
     
    MicroBeta and lambdabeta like this.
  8. ColoradoMom12

    ColoradoMom12 DIS Veteran

    Joined:
    Oct 13, 2016
    Messages:
    1,188
    I had this happen about a year ago. I logged in, and in addition to my family’s info, I saw another family’s info as well. I even could have reassigned their park tickets! Ridiculous. As much as I dislike the recent update (I get stuck in loops that direct me to log-in over and over and over...never getting me to the page I want. I’ve had to call several times this week just to do things like make a reservation. And when I made the reservation, I then discovered it was made for two adults instead of for myself and my 7 year-old DD. So I had to call again to fix it). This is not anything new, though. This glitch has been happening for some time. I will never understand Disney technology!
     
    AnnaKat, snappy and brockash like this.
  9. OrangeCountyCommuter

    OrangeCountyCommuter DIS Veteran

    Joined:
    Jul 11, 2010
    Messages:
    7,438


    After all IT worked so well before they did this didn’t it?

    Nope. This has always been a disaster of a shop.


    While I would like those people to get their jobs back I don’t think that’s going to fix our problems
     
    snappy likes this.
  10. bryanb

    bryanb DIS Veteran

    Joined:
    Sep 10, 2013
    Messages:
    1,499
    I don't really want to be seen as a company apologist here, as I'm as annoyed by technical glitches as anyone else and think it's entirely valid and helpful to report bugs.

    But people are saying things like -
    I hope Disney is looking into this -- when there's no conceivable way people aren't pulling long hours to troubleshoot and squash bugs. It's possible that it's squashed already as soon as they saw it was happening. And if it happens again, let them know so they can figure out how to replicate the issue.
    The company refuses to spend money on application development - when MDE has a huge ongoing development budget, to say nothing of the initial billion+ dollar project that it was part of.
    Disney just lays people off - but hiring is cyclical. And outsourcing does happen but it often permits more investment here at home. In any case, some people complain about cutbacks over decades and the truth is that there has been net expansion in jobs and projects, including MDE itself.
     
  11. Look_Alive

    Look_Alive Earning My Ears

    Joined:
    Jan 17, 2018
    Messages:
    73
    Well, at the very least, at no point in the past has anyone logged into the Disney website to see other families’ detailed vacation plans, which is happening here today, so...
     
  12. MicroBeta

    MicroBeta 6equj5 WOW!

    Joined:
    May 27, 2017
    Messages:
    131
    When I said I hoped they were looking into this, I was referring to the personal information/data breach aspect of this. I'm sure this is already an all hands on deck situation to find and plug the hole. I suspect they knew about it before we did...at least I hope so.

    I don't want this to wind up being another Uber situation.

    There is a poster in this thread stating this happened to them about a year ago so it apparently has happened in the past.

    Mike
     
    Searc, snappy and lambdabeta like this.
  13. C_Valenciano

    C_Valenciano Earning My Ears

    Joined:
    Oct 8, 2018
    Messages:
    5
    Mine has been doing this exact same thing for a few days now and it's beyond frustrating!!!! I have tried doing a hard shutdown of my laptop, clearing the history, trying different search browsers....nothing seems to work. Have you had any luck getting thru to support? Would you mind posting their number, I will also try calling tomorrow. Thank you!

     
    Last edited: Oct 8, 2018
  14. Grammy4Lizzy

    Grammy4Lizzy DIS Veteran

    Joined:
    Mar 15, 2010
    Messages:
    555
    Because when your retailer has a breach, most times it is through the merchant services 3rd party business. There the entire CC number, your expiration date and the other information stored on the magnetic strip. I don't think that this has the opportunity to access your credit card.
     
  15. ScubaCat

    ScubaCat DIS Veteran

    Joined:
    May 12, 2008
    Messages:
    2,537
    There's a different group that manages the load balancers vs the developers, possibly geographically separated. The sessions are timing out and moving people to a different server and the session IDs are inexplicably being reused.

    Without getting into the weeds technically, it's not likely you can actually change someone else's bookings. That said, the fix will be tricky, so don't hold your breath.
     
    lambdabeta, FigmentSpark and Distisso like this.
  16. MicroBeta

    MicroBeta 6equj5 WOW!

    Joined:
    May 27, 2017
    Messages:
    131
    If someone accidentally views your profile they can see your last four of the card, your name as it appears on your card, and the expiration date. In the wrong hands that can be very useful.

    IMHO, the real problem would be a hacker gets wind of people being able to see other people's accounts and then attacks and exploits the security hole. Then your whole card number is within their grasp. And make no mistake about it, if there's a situation where one person can see another person's account then that's a security hole that can be exploited.

    Hopefully that hole is plugged already.

    Mike
     
  17. ScubaCat

    ScubaCat DIS Veteran

    Joined:
    May 12, 2008
    Messages:
    2,537
    It's virtually impossible to know which session you'd see if/when you timed it just right to be shown another session's information. So while it is true that there is a serious data exposure issue, it's still highly unlikely you'd be able to correlate it with someone you know. That other random person just happens to be logged in at the same time on a different server. Next time it'll be a totally different random person's info.
     
  18. snappy

    snappy Survivor

    Joined:
    Apr 15, 2002
    Messages:
    7,222
    Somehow I don’t feel better.
     
    vinotinto, lambdabeta and Searc like this.
  19. Franrose

    Franrose DIS Veteran

    Joined:
    Jul 2, 2011
    Messages:
    627
    Just in case it's helpful... I had the same issue with an airline I was trying to log in with. It turned out the problem was at my end, I'd blocked enough cookies that the website wasn't able to stay logged in and would kick me out a moment after I did, every time. I can get a bit block-happy lol.
     
  20. Aron1012

    Aron1012 Mouseketeer

    Joined:
    Mar 11, 2017
    Messages:
    334
    Ummm that's definitely not true. Yes you heard about those breaches all over the news, but it was MONTHS after the breaches actually occurred. Many times these breaches can go on for several months on their own. And the fact is many of these breaches occur and you never know about it. The card issuer is generally prohibited from telling you why they are requiring you to get a new card and in many cases they don't even know. They are only given a batch of potentially affected cards and told to stop them and re-issue.

    Yep probably right. It is very possible sensitive information may be exposed on the MDE app right now. Seeing other people's plans doesn't really have much to do with that in my experience. If critical info is accessed in the same way generic information is through backchannels of MDE then there are much bigger problems. I would agree Disney IT is about as unreliable as it gets, but doubt even they would have it set up that way.
     
  21. FigmentSpark

    FigmentSpark DIS Veteran

    Joined:
    Apr 9, 2016
    Messages:
    3,791
    If this happens again.... anyone.... take a screen shot and print it or save it. Make sure the date and time are on it. At least then, if you report it, they will have something to look at to try to figure out what's happened.
     
    bryanb likes this.
