Disney Data Breach Exposes Internal Plans and Projects. Fans Stole Data for Revenge on Disney for Shutting Down the Game.
Club Penguin Fans Target Disney Servers for Game Data
Club Penguin was once a beloved online game for kids, created by New Horizon Interactive and later purchased by Disney. While the game shut down officially in 2017, fans have continued playing on private servers to this day.
In early June 2024, an anonymous user uploaded a link to 4Chan containing over 100 internal Club Penguin documents from as early as 2007. This included character sheets, emails, and game designs – showing the intent was initially to share nostalgic game files with other fans.
However, sources soon revealed to that this was only a small part of a much larger unauthorized data theft from Disney. Using previously exposed credentials, threat actors had breached Disney’s Confluence server, an internal system used by developers to store documentation for business projects and software tools.
Hackers Steal 2.5GB of Internal Disney Data Including Future Plans
It was uncovered that in reality, over 2.5GB of data was downloaded from Disney’s servers. Far more than just Club Penguin artifacts, the stolen files included:
- Information on “non-linear” interactive experiences being developed for Disney Parks
- Documentation on various internal initiatives and projects
- Information on tools called Helios and CommuniCore used by Disney producers
- Links and credentials for internal websites and systems
The documentation dates as recent as early June 2024, indicating that the Disney data breach is very recent. Disney was contacted for comment but did not respond to questions about the breach.
Data From Disney Data Breach Spreads Across Discord as Disney Remains Silent
The anonymous source who shared details claims the original Club Penguin documents were taken weeks prior. However, the bulk of the internal Disney data appears to have been downloaded far more recently in early June based on metadata.
As Disney did not acknowledge or comment on the data theft, the stolen files have since spread across online platforms like Discord. The breach potentially exposes sensitive plans and thousands of files outlining Disney’s internal operations, future projects and technology tools.
While the motivation began as nostalgia for an old game, hackers unintentionally walked away with a massive trove of the entertainment giant’s closely guarded proprietary information in what is considered a major data breach for the Walt Disney Company. Disney has yet to notify the public about the cyber incident and remains silent while the ramifications are still unfolding.
