back to article Hackers breach chocolate recipe on Hershey website

Hackers breached the security of a website operated by US confectionery giant Hershey Company and may have made off with customers' names, birthdates, street and email addresses, and site passwords. In an email sent to customers last week, Hershey said an unauthorized individual accessed the site and changed a baking recipe for …


This topic is closed for new posts.
  1. Paul Shirley

    1st rule of Internet club: lie

    This reg reader suggests everyone uses 1/1/1970 as their birthdate on every site with no need to know and lie about everything that doesn't compromise your use of sites. As a habit.

    I also love responding to phishing. With completely false details. What we really need is a set of trigger CC accounts that automagically trigger fraud detection, might catch a few more scumbags.

    1. Pete B


      How did you guess my D.O.B. ?

    2. Matt Bryant Silver badge

      RE: 1st rule of Internet club: lie

      As of last week, all my new site signups have been for Jake Davis, address of 1 Sheepshagger House, Yell, Shetlands, age 18, and for sex I put "not yet".

  2. Andus McCoatover

    "changed a baking recipe for one of its products"

    Gordon Bennet (or Ramsay) hope they modified " Hershey's Kisses"

    They're bloody awful. Taste like they're made of lard.

    1. Tom 35


      No it's chalk and floor wax.

      1. Mike Richards

        Not floor wax

        The distinct tang of Hershey is definitely stale ear wax.

        A lardy cloying texture is distinctly a Cadbury's Dairy Milk thing. But the OP is quite right about Hershey chocolate having a nasty chalky texture.

        1. david 63

          Candle wax...

          ...and sugar.

        2. Anonymous Coward
          Anonymous Coward

          I always thought...

          ...that their secret ingredient was baby sick. That's what they taste like to me.

          1. The BigYin

            @david 63

            Exactly. Hershey's <<< Cadbury's <<< Chocolate.


          2. Anonymous Coward
            Thumb Up

            Wow I thought I was the only one

            Why exactly do Hershey's Kisses taste like vomit?

            They left a definite after-taste of heart burn that last time I tried one.

            I thought they had been tampered with.

            How anyone on God's green earth could call that chocolate is quite beyond me.

        3. Anonymous Coward
          Anonymous Coward

          It's gone off milk

          Definitely a pint of full fat that's been out in the sun for a day.

          In-laws went on hols to the states, brought me back a pack of Hershey's bars.

          Managed to eat one while at a low ebb and no other chocolate in house.

    2. tekHedd

      Lard is a delicacy in some places

      Taste more like brown candle wax to me.

    3. Cliff



  3. Yet Another Anonymous coward Silver badge


    If this is Hershey chocolate then the correct script is:


  4. A Non e-mouse Silver badge

    Would I lie to you ?

    "The Reg strongly recommends users withhold as many personal details as possible"

    Or just plain lie !

    I've lost count how many times I've been Tony Blair...

    1. Tom 35

      Hi Tony!

      It's me Elvis!

      99% of the time I use Feb 29 of a non-leap year for the birthday.

      1. Anonymous Coward


        *rushes off to check date validation algorithms on his sites*

      2. A Non e-mouse Silver badge

        29th Feb

        I've done that too, but I got caught out when the input validation forms were later updated to correct this, but the database still had the invalid date in it...

      3. BongoJoe
        Big Brother

        Over in Norway...

        ... for my Norwegian ID number I was given by the authorities the date "32nd Feb 2000" in the late 80s as my date of birth.

        I loved that ID card becase every time it went into a machine for chacking it would fail.

  5. Scott Broukell

    getting bored now ..

    .... hows about these "hackers" et al snitch the data sets etc etc to highlight a vulnerability in said websites, then promise not to divulge it unless and until said websites vulnerabilities have been fixed PRONTO. They could even offer to assist in that regard. Then some verifiable and trusted testing body could run attack vectors, whatever, to determine that the fix was good and the data could go back whence it came, all tidy like. Of course, the body responsible for hosting /constructing the web presence where said data was held would have to foot the bill for all this, as a lesson to all other peeps that wish to retain our / your data in such a manner.

    Would that just not be exciting enough ?, although possibly more efficient and conducive to the common good.

    * (the above does not, nor is it intended to, cover examples of data sets held illegally / dishonestly for nefarious purposes by guberment authorities with things to hide from those that democratically elect them etc etc.)

    1. Ian Stephenson

      Like that will work...

      "then promise not to divulge it unless and until said websites vulnerabilities have been fixed.."

      That would be never then.

      A better solution would be a timed escrow - i.e. you have 3 weeks to fix your site before this goes public.

      That way they have warning and a reasonable timeframe to fix or at the very least quarantine the problem.

  6. Anonymous Coward

    But what did they change...

    ....did they substitute an ingredient for marijuana or something? Or insert 1/2 tsp. arsenic?

    1. Oninoshiko


      I'm not even sure 1/2 tsp of arsenic in an industrial batch would even be enough to make one mildly ill. It may not even be enough to get it pulled for health reasons (although it would certainly get pulled for PR reasons)

  7. McMoo

    But why?

    Misleading headline... but even so, had it been true, I'd wonder why anyone would want the recipe - they make awful chocolate!

    Anyway - what good will a mailing list of people with no tastebuds do?

    1. skeptical i

      If they're foolish enough to give contact information ...

      ... for no discernible good reason, that makes them attractive targets, yes?

    2. Richard 102

      This is a title

      "Anyway - what good will a mailing list of people with no tastebuds do?"

      Starbuck's coupons?

  8. Anonymous Coward

    The change in the recipe

    s/vegetable oil/cocoa butter/g

    Hershey officials were heard to say "We knew it was hacked right off. I mean, making chocolate with cocoa butter? Who'd be that stupid!"

    (sad to say, but Hershey *used* to be a cool company - they donated tens of millions of dollars to orphanages back when a dollar was still 1/35 oz. of gold. But the beancounters took over, and started cheapening the product. And that is why I don't buy Hershey products anymore.)

  9. This post has been deleted by its author

  10. Steve Evans

    Oh please...

    Please let them change the production recipe.... Anything has to be better than the muck they pass off as chocolate these days.

    1. Haku

      Is Hershey's really that bad?

      I've never knowingly eaten a Hershey's bar, I do love chocolate, especially dark chocolate (ocassionally 75% cocoa) and Thorntons, I find Cadbury's milk chocolate a little too milky at times though and always try to avoid any food that says "chocolate flavour" in the description.

      Damn this news story and all your choclatey replies, I've now got a craving for some Lindt mint chocolate which is made with 47% cocoa.

      1. Anonymous Coward
        Anonymous Coward


        Yes, yes it is.

        It tastes like it is made of a mixture of vomit and despair.

        And my favourite chocolate is dairy milk (all that high cocoa stuff is OK I suppose, but there are too many choco-ponces around who seem to think someone's worth is measured by the percentage of cocoa in their choice of chocolate).

        1. Haku


          I'll keep avoiding Hershey's then :)

          BTW the dark chocolate thing, I'm allergic to dairy products, don't eat beef anymore and avoid milk & milk products so the higher cocoa levels of chocolate has less negative impact on my stomach, and I do like the taste of dark chocolate more than milk chocolate.

      2. Anonymous Coward
        Anonymous Coward


        Actually it's even worse.

        An American friend of mine gave all us Brits some Hershey's kisses. We were convinced she was trying to make us leave, they were that bad.

        She has since been converted, as have her entire family. She now has to send choccy food parcels back to the USA!

        (For some reason this reply was rejected by a moderator - WHY? It is perfectly true, and others have described the taste as "vomit"! Would you like to speak to my friends family in Colorado to verify the authenticity?)

  11. TeeCee Gold badge

    "..accessed the site and changed a baking recipe.."

    Let me guess. They noticed something was up when large quantities of unused manure started piling up in their Goods Inwards department....

    1. Jedit Silver badge

      It'd have to be Goods Inwards

      ... because if it was Goods Outwards, they still wouldn't have noticed the hack.

  12. Zog The Undeniable

    No-one would steal the recipe

    Hershey Kisses literally taste of puke. You can slag off Cadbury's Dairy Milk for not being "proper" chocolate, but at least it doesn't taste like the inevitable aftermath of ten pints, a paella and a ride home on a night bus with ineffective shock absorbers.

    1. Framitz

      not completly

      It doesn't initially taste like vomit, but the after taste is VOMIT and nothing else fits.

  13. Anonymous Coward

    Has nobody actually yet come up with......

    ... two words...

    chocolate backdoor

  14. Robert Carnegie Silver badge

    I thought this was going to be,

    which is, I now remind myself, the "Neiman Marcus cookie recipe story".

  15. Anonymous Coward

    Check your facts

    I agree with the others - if you're concerned with your privacy, it's easy enough to lie when filling out registration email.

    But to the author of this article - you need to check your facts. The reason why websites require birthdates is a legal matter. In many countries, you can't directly market to childern under the age of 13, so if the company wants to send emails to their members, users must provide a birthdate during so the website can cover their a$$.

This topic is closed for new posts.

Other stories you might like

Biting the hand that feeds IT © 1998–2022