0:00
Disney's Confluence servers were
0:02
breached using previously exposed
0:03
credentials they said that the threat
0:05
actors were initially looking for Club
0:06
Penguin data but they want up
0:08
downloading a bunch of data about
0:09
Disney's corporate strategies
0:11
advertising plans Disney plus internal
0:13
developer tools business projects and
0:16
infrastructure whoopsie yeah I I'm
0:20
having a really hard time believing that
0:22
this was just about Club Penguin like we
0:24
were just looking golly guys we just
0:27
were looking for some Club Penguin stuff
0:29
and we just happen to find their
0:30
corporate marketing strategy it's a
0:32
whoopsy d somebody who went to jail who
0:34
was friends with somebody who went to
0:35
jail I don't know over Club
0:38
Penguin uh lot more files here including
0:42
internal API endpoints and credentials
0:44
for things like S3 buckets anonymous
0:46
source to bleeping computer uh the data
0:49
includes documentation on wide variety
0:51
of initiatives and projects as well as
0:52
information on internal developer tools
0:55
um oh one of their developer tools is
0:57
called communicore communicore that's
1:00
interesting uh yeah that was a whole
1:01
thing um it said strewn across the
1:04
documents are links to internal websites
1:06
used by Disney developers which could be
1:08
valuable for threat actors yeah who want
1:10
to Target the company boy oh boy it's a
1:13
good thing that Disney doesn't have any
1:16
employees I know right they said
1:18
bleeding computer was told the original
1:20
Club Penguin PDFs shared on for chamber
