Disney has suffered a significant data breach, with 2.5GB of internal data stolen, including developer tools and corporate strategies.
The breach was highlighted in a recent BleepingComputer report which revealed that much of the stolen data was dumped on 4Chan, an image board site known for hosting controversial content. The leaked information includes essential tools for software developers and details about Disney’s corporate and advertising plans.
What is Club Penguin?
The individuals behind the theft appear to be fans of Club Penguin, a popular online game previously owned by Disney but discontinued in 2017. Club Penguin, acquired by Disney in 2007 for $350 million, was a hit among young audiences and at its height boasted over 200 million users. The game’s decline led to the development of a 3-D iteration, Club Penguin Island, which also saw closure a year after its 2017 launch.
Despite the shutdown, loyal fans have kept Club Penguin’s spirit alive through private servers offering unofficial versions of the game. Disney has legally challenged these activities, leading to the closure of a notable server, Club Penguin Rewritten, in 2022, and subsequent legal actions against its operators.
What Data Was Stolen?
The data breach includes 415MB of outdated Club Penguin data such as emails, documents, and designs, mostly from about seven years ago. However, this specific data constitutes only a small portion of the total data stolen. The larger portion of the breach involves current internal data from Disney’s internal Confluence server—a platform used for internal communications and storage of company data, accessed using leaked credentials.
Included in the stolen data are internal tools named Helios and Communicore. Helios is described as a developer tool that enables Disney employees to create experiences based on sensor data within Disney’s theme parks. Communicore is identified as a messaging library used for distributed applications, facilitating internal communication across Disney’s numerous projects.
The breach has exposed various internal documents and plans concerning ongoing Disney projects, as well as links to internal company resources utilized by developers. As of now, Disney has not publicly commented on the incident.
Related News:
Featured Image courtesy of Flickr