Club Penguin fans hacked a Disney Confluence server to obtain information about their favorite game, but ended up with 2.5 GB of internal corporate data. Club Penguin, a popular MMO from 2005 to 2018, continues to exist on private servers run by fans, despite Disney shutting it down and arresting the operators of a prominent remake.
Recently, an anonymous person posted a link to "Internal Club Penguin PDFs" on 4Chan, which led to a 415 MB archive containing old internal information about the game. However, BleepingComputer discovered that this was part of a larger breach where 2.5 GB of Disney's corporate data, including strategic plans, advertising, Disney+ information, developer tools, and internal infrastructure details, was stolen.
The breach occurred through previously exposed credentials and revealed sensitive information about Disney’s projects and tools, such as Helios and Communicore. While the Club Penguin data is older, much of the other data is recent, dating from 2024.