June 5, 2024 at 04:21PM
Club Penguin fans hacked a Disney server and initially stole 2.5 GB of internal corporate data, including old Club Penguin information. The breach also revealed more recent and critical data about Disney’s corporate strategies and projects. The hackers accessed Confluence using exposed credentials and obtained documents about developer tools and business initiatives, posing a significant threat to Disney.
The meeting notes highlight a significant breach of Disney’s Confluence server, resulting in the unauthorized acquisition of 2.5 GB of internal corporate data. The breach was instigated by Club Penguin fans who hacked into the server in search of game-related information but inadvertently obtained a substantial amount of corporate data, including documentation on various business, software, and IT projects utilized internally by Disney.
The stolen data comprises internal strategies, advertising plans, Disney+ information, internal developer tools, business projects, and infrastructure details. Additionally, there is documentation on specific internal developer tools such as Helios and Communicore, which had not been publicly disclosed before. The acquired data also includes links to internal websites used by Disney developers, presenting potential vulnerabilities for the company.
It is important to note that while the Club Penguin data is relatively old, the bulk of the data accessible on Discord is more recent, including information from 2024. Despite repeated attempts, BleepingComputer has not received a response from Disney regarding the breach.
This breach exposed sensitive corporate data and poses a potential security risk for Disney. It emphasises the need for urgent action to address the security vulnerabilities and potential threats posed by the leaked information.