Club Penguin fans hacked into Disney's server and stole 2.5 GB of corporate data

Tomcat

The leaked information includes details of the media giant's advertising campaigns and corporate strategies.

Fans of the video game Club Penguin hacked Disney's Confluence server and stole 2.5 GB of internal corporate data.

Club Penguin is an online multiplayer game that officially existed from 2005 to 2017. Players could participate in various mini-games, engage in dozens of activities, and interact with each other in the virtual world. The game was created by New Horizon Interactive, which was later acquired by Disney.

Although Club Penguin officially closed in 2017 and its successor Club Penguin Island closed in 2018, the game continues to live on private servers run by fans and independent developers.

Despite Disney's significant efforts to shut down the more famous "Club Penguin Rewritten" remake in 2022, which led to the arrest of several people on copyright infringement charges, this did not prevent the game from continuing to exist and actively develop.

Currently, players use Club Penguin as a kind of metaverse where they can meet and spend time in a relaxed atmosphere. Sometimes the game even hosts concerts and festivals.

This week, an anonymous post was published on the popular Western forum 4chan with a link to an archive called "Internal Club Penguin PDFs" and the message "I don't need this anymore." The link leads to a 415 MB archive containing 137 PDFs with inside information about Club Penguin, including emails, design diagrams, documentation, and character sheets.

All of this data is very old: at least seven years old, and possibly more. This makes it interesting only to ardent fans of the game. However, as BleepingComputer found out, the Club Penguin data is only a small part of a much larger data set stolen from Disney's Confluence server, where documents for various internal projects of the corporation are stored.

According to an anonymous source, Confluence servers were hacked using previously compromised credentials. The attackers initially searched for data on Club Penguin, but eventually downloaded 2.5 GB of information about Disney's corporate strategies, advertising plans, Disney+, internal developer tools, business projects, and the company's internal infrastructure.

The source told reporters: "There are a lot more files here, including internal API endpoints and credentials for things like S3 storage."

Among the stolen data is documentation on various initiatives and projects, as well as information about internal developer tools such as Helios and CommuniCore, which were not previously publicly disclosed.

CommuniCore is a "high-performance asynchronous messaging library designed for use in distributed applications." Helios is a show creation and replay tool that allows Disney producers and writers to create interactive, non-linear stories using real-world sensor data from Disneyland parks.

The documents also contain links to internal websites used by Disney developers, which could be valuable to attackers targeting the company.

Although the Club Penguin data is quite old, the rest of the data currently circulating on Discord is much newer, including information from 2024. According to the source, the digital robbery of the media giant took place just a few weeks ago.

Disney has not yet commented on the possible leak of corporate data from its networks.