With all the care they take in their parks to hide the working parts and create an illusion to cover reality, you'd think the Walt Disney Company would take more precaution to safeguard their quarterly earnings report from an early release.
Disney didn't plan on posting the link on its website until after the stock market closed, but a savvy Bloomberg News reported found it with a simple Internet trick, and the results were released about a half-hour before the scheduled release. The twerk worked so well (and obviously) that Bloomberg headline writers did it six days later to data storage company NetApp Inc., reporting the financial results more than an hour before the market closed. Nasdaq officials halted trading in NetApp temporarily after the stock fell 9%within a half-hour after the first report went out. Disney's stock fell nearly 5% in about four minutes, though shares of both have recovered since then.
The Bloomberg team searched for the reports by taking the Web addresses from previous quarters and changing the last few characters to correspond to the quarter about to be reported. Yep, it was that simple. In Disney's case, the Web address to each quarterly report contains the current year followed by the quarter, and the reporters simply guessed that the new release would be posted under "q4" for the fiscal fourth quarter. The address worked, even though a link to it hadn't been published on Disney's website, and required no password or computer break-in. It's a brilliantly simple and long known way to infiltrate inaccessible webspace (that came in handy years ago when Stile Project thought it could put it's adult video clips behind a pay wall - ha!) - but I'd never thought that it would be used on such a grand scale.
Security experts characterized the companies' failure to protect such valuable information as careless lapses, and the Securities and Exchange Commission would not say whether the agency had started an investigation.
The Bloomberg team searched for the reports by taking the Web addresses from previous quarters and changing the last few characters to correspond to the quarter about to be reported. Yep, it was that simple. In Disney's case, the Web address to each quarterly report contains the current year followed by the quarter, and the reporters simply guessed that the new release would be posted under "q4" for the fiscal fourth quarter. The address worked, even though a link to it hadn't been published on Disney's website, and required no password or computer break-in. It's a brilliantly simple and long known way to infiltrate inaccessible webspace (that came in handy years ago when Stile Project thought it could put it's adult video clips behind a pay wall - ha!) - but I'd never thought that it would be used on such a grand scale.
Security experts characterized the companies' failure to protect such valuable information as careless lapses, and the Securities and Exchange Commission would not say whether the agency had started an investigation.
No comments:
Post a Comment