Club Penguin (online game)

2024: Hacking Disney servers, stealing 2.5GB of corporate data

In early June 2024, fans of Disney's closed multiplayer online video game Club Penguin hacked into the company's server and stole large amounts of internal corporate data. Disney closed this MMO in 2018, however, players continue to maintain its existence by serving private servers. It is assumed that hackers will be able to use documents stolen from the company to improve the unofficial version of the game.

One of the users of the anonymous web forum 4chan posted a link to the Club Penguin Internal PDF Files archive, signing: "I don't need them anymore:)." The link leads to a 415 MB archive with 137 PDF files with character descriptions, various documentation, e-mails and other information related to the Club Penguin game. Unfortunately for Disney, this is only a small part of the data that was stolen from hacked servers, because hackers received much more information than they expected.

The Verge

Reported. that the attackers managed to steal 2.5 GB of data containing confidential corporate information about corporate strategies, developer IT tools and advertising plans, as well as a number of other important data. Of greatest concern is the theft of information relating to the company's tools and infrastructure currently used by Disney developers, "including internal API endpoints and S3 credentials." Having access to this kind of data will make it easier for hackers to plan any other cyber attacks, especially when you consider that the stolen data reflected the latest developments of the company.

It is likely that the attack on Disney was the result of the disclosure of credentials. Disney said it intends to improve protection for its system and has contracted with Charter Communications to combat unauthorized access to streaming IT services.^[1]

Notes