Disney Data Breached by Club Penguin Fans Who Stole 2.5GB of Corporate Data

Written by Mitchell Langley

June 10, 2024

Disney Data Breached by Club Penguin Fans Who Stole 2.5GB of Corporate Data

Disney Data Breach Exposes Internal Plans and Projects. Fans Stole Data for Revenge on Disney for Shutting Down the Game.

Club Penguin Fans Target Disney Servers for Game Data

Club Penguin was once a beloved online game for kids, created by New Horizon Interactive and later purchased by Disney. While the game shut down officially in 2017, fans have continued playing on private servers to this day.

In early June 2024, an anonymous user uploaded a link to 4Chan containing over 100 internal Club Penguin documents from as early as 2007. This included character sheets, emails, and game designs – showing the intent was initially to share nostalgic game files with other fans.

However, sources soon revealed to that this was only a small part of a much larger unauthorized data theft from Disney. Using previously exposed credentials, threat actors had breached Disney’s Confluence server, an internal system used by developers to store documentation for business projects and software tools.

Disney Leaked Files

Hackers Steal 2.5GB of Internal Disney Data Including Future Plans

It was uncovered that in reality, over 2.5GB of data was downloaded from Disney’s servers. Far more than just Club Penguin artifacts, the stolen files included:

  • Information on “non-linear” interactive experiences being developed for Disney Parks
  • Documentation on various internal initiatives and projects
  • Information on tools called Helios and CommuniCore used by Disney producers
  • Links and credentials for internal websites and systems

The documentation dates as recent as early June 2024, indicating that the Disney data breach is very recent. Disney was contacted for comment but did not respond to questions about the breach.

 

Data From Disney Data Breach Spreads Across Discord as Disney Remains Silent

The anonymous source who shared details claims the original Club Penguin documents were taken weeks prior. However, the bulk of the internal Disney data appears to have been downloaded far more recently in early June based on metadata.

As Disney did not acknowledge or comment on the data theft, the stolen files have since spread across online platforms like Discord. The breach potentially exposes sensitive plans and thousands of files outlining Disney’s internal operations, future projects and technology tools.

While the motivation began as nostalgia for an old game, hackers unintentionally walked away with a massive trove of the entertainment giant’s closely guarded proprietary information in what is considered a major data breach for the Walt Disney Company. Disney has yet to notify the public about the cyber incident and remains silent while the ramifications are still unfolding.

Related Articles

How AI is Revolutionizing Phishing Attacks

How AI is Revolutionizing Phishing Attacks

 -  New: New Phishing attacks have long been a major concern for enterprise organizations wordwide. As technology continues to advance, cybercriminals are finding new and innovative ways to exploit vulnerabilities and deceive unsuspecting individuals. In recent years,...

Stay Up to Date With The Latest News & Updates

Join Our Newsletter

 

Subscribe To Our Newsletter

Sign up to our weekly newsletter summarizing everything thats happened in data security, storage, and backup and disaster recovery

You have Successfully Subscribed!