Disney has been hacked.
According to a new report from BleepingComputer this week, 2.5GB worth of internal company data was stolen from Disney and was partly dumped on the controversial image board site, 4Chan. The data dump includes tools used by Disney’s software developers along with some of Disney’s corporate and advertising plans.
Who is behind the stolen data? It appears to be fans of the since-shuttered online game Club Penguin.
What is Club Penguin?
Club Penguin is a massively popular online game that Disney acquired for $350 million in cash in 2007. The game was extremely popular with young people and is widely viewed as the biggest online kids community of its era.
At its peak, Club Penguin boasted around 200 million users. However, over the years, interest in the game waned and Disney shifted focus to a new 3-D version of the game, Club Penguin Island. The original Club Penguin was shut down in 2017, the same year the new Club Penguin Island was launched. Just one year later, in 2018, Disney would shut down Club Penguin Island too.
Club Penguin’s most dedicated supporters have continued to keep the game alive via private servers, where fans can come together and play unofficial, emulated versions of the game. However, Disney has come down hard on creators of these games. For example, in 2022, Disney had a popular server known as Club Penguin Rewritten shut down and three people were arrested for their role in running the unofficial Club Penguin online game.
Club Penguin vs. the Mickey Mouse Club
Now, it seems some Club Penguin fans are getting their revenge on Disney.
The BleepingComputer report says that the 4Chan dump of hacked Disney Data consisted of 415 MB of old, internal Club Penguin data. This data includes emails, documents, designs, and more. This specific data, however, is fairly old, with much of the dumped material dating back to around 7 years ago.
However, it appears that Club Penguin data is only a small portion of the 2.5GB of information stolen from Disney.
Hackers were apparently able to access Disney’s Confluence server, where internal business-related Disney data is stored, using leaked credentials. The larger breach consists of much more recent material, some of which comes from this year.
According to the data reviewed by BleepingComputer, the stolen Disney data consists of internal developer tools called Helios and Communicore. Helios is a tool that provides Disney employees with the ability to create experiences based on sensors in Disney’s theme parks. Communicore is a developer tool described as a messaging library for distributed applications.
The stolen documents also consist of information on a range of Disney projects as well as links to internal company websites used by Disney developers.
Disney has not made any statements about the data leak at this time.