The dispute between Disney and fans of its defunct game Club Penguin has taken an unexpected turn focused on security after an apparently new database full of confidential company information was leaked online.
Earlier this week, a threat actor posted a new thread on 4Chan with a simple message: “I don't need them anymore :)” and contained a link to a 415 MB file containing 137 PDF files with inside information about Club Penguin , an old massively multiplayer game. online game (MMO), closed years ago, but still with devoted followers who play it somewhat illegally.
The database included emails, design schematics, documentation, and character sheets.
Exposed credentials
According beepcomputer, who has seen the database firsthand, the information it contains is seven years old. However, whoever stole this information only published part of it. The full database, apparently pulled from Disney's Confluence server, is much larger and apparently contains more recent information as well. The rest seem to be hanging around on Discord.
The post said that Confluence's servers were breached using previously exposed credentials. An anonymous source also confirmed to the publication that the attackers were initially looking for Club Penguin data, but ended up with 2.5GB of corporate strategies, advertising plans, Disney+ data, internal development tools, business projects, and Disney's internal infrastructure.
“There are a lot more files here, including internal API endpoints and credentials for things like S3 buckets,” said an anonymous source. beepcomputer.
Club Penguin, a game designed for children, was developed by New Horizon Interactive and released in 2005. It was acquired by Disney in 2007 and closed in 2017. That same year, several independent developers, unhappy with Disney removing the Plug in game, released Club Penguin Rewritten, essentially a copy of the original game, built on pre-existing Flash files and simulated older versions of the original. It lacked monetization and in-game purchases.
City of London Police shut down the game in 2022 in compliance with a copyright investigation request from Disney. Three people were arrested.
Before the shutdown, the game had more than 11 million registered players.