Disney data breach: Internal data leaked on 4Chan by Club Penguin fans

Disney has suffered a significant data breach, with 2.5GB of internal data stolen and partially leaked on the image board site 4Chan. According to a report by BleepingComputer this week, the breach includes tools used by Disney’s software developers and some of the company’s corporate and advertising plans.

The perpetrators appear to be fans of Club Penguin, an online game Disney acquired in 2007 for $350 million. At its peak, Club Penguin had around 200 million users and was considered its era’s largest online kids’ community. Disney shut down the original Club Penguin in 2017 and its successor, Club Penguin Island, in 2018. Since then, dedicated fans have kept the game alive on private servers despite legal actions from Disney, including the 2022 shutdown of a popular server, Club Penguin Rewritten, and the arrest of three individuals involved.

The leaked data includes 415 MB of old Club Penguin data, such as emails, documents, and designs, mostly dating back around seven years. This specific data, while significant, is only a small portion of the overall breach. Most of the 2.5GB stolen includes more recent material from Disney’s Confluence server, accessed through leaked credentials.

The stolen data also encompasses internal developer tools like Helios and Communicore. Helios enables Disney employees to create experiences based on sensors in the theme parks, while Communicore serves as a messaging library for distributed applications. The breach also includes sensitive documents related to various Disney projects and links to internal company websites used by developers. Disney has not issued any public statements regarding the data leak.