Possible shopDisney Security Breach May Have Exposed Your Personal Information to Other Shoppers During Star Wars Day Merchandise Release

It’s no secret that all of the recent merchandise releases on shopDisney have had serious problems. From the Minnie Mouse: The Main Attraction release, where some shoppers were improperly charged many hundreds of dollars with multiple charges on their cards after placing a single order, to the Joe Rohde Ear Hat fiasco where the coveted set of ears sold out in seconds thanks to bots scooping up all the inventory before you and I even had a chance, buying Disney merchandise has never been more difficult or more frustrating. And now it has become downright dangerous.

Most people would expect that a global conglomerate that’s also one of the world’s most well-known and trusted brands would be able to competently run an online store. Unfortunately, this is not the case. shopDisney.com is not only one of the most frustrating sites to shop online, but now it seems that some sort of security glitch may have revealed your personal information to other shoppers.

On May 2nd, shopDisney announced that they were implementing a “virtual waiting room” for the release of the Star Wars Day merchandise on May 4th. As a tacit acknowledgement of the issues with the recent releases, Disney clearly knows there is a serious problem with the site, and we hoped they had finally figured out a way to make these merchandise releases something other than an exercise in frustration.

Alas, it was not to be. The site immediately crashed at 10:00 AM EDT when the merchandise was set to be released. Numerous shoppers took to Twitter and the comments section of our post to once again express frustration with the “virtual waiting room” that didn’t really appear to solve anything. Frustrated shoppers (including myself) were not enjoying the virtual waiting room, but instead were faced with a white screen simply saying “Oops… Something went wrong” or merchandise that was instantly sold out.

It was so bad that shopDisney was forced to tweet an acknowledgement of the issue almost two hours after the merchandise was released. Over 1,200 replies to this tweet show the level of frustration of loyal Disney fans.

Although the “technical issues” were certainly frustrating, a much more insidious and alarming problem seems to have cropped up this time: a security glitch that may have exposed your account information to other shoppers.

Instead of the typical “Hi Jason!” that usually greets me, shopDisney had instead logged me into the account of someone named… Chris.

Of course, once you are logged in, you can click to see account information, change passwords, add addresses or payment methods, etc. I did not click through to see any of Chris’s personal information, but I did take this screenshot.

While Disney has ignored thousands of complaints on social media about these failed merchandise releases, a security breach that exposes personal information is on a different level altogether. shopDisney needs a serious overhaul, and it needs it now.