Suspected Nickelodeon animation department Data Leak exposes 500gb of Shows and Scripts
Take action: Saving a file with passwords is never good, but especially bad when you save it on a drive that's exposed through a public Content Delvery System. Even if you create a CDN for public access, always be aware of what you place in the CDN and whether the data can be sensitive.
Learn More
Several Twitter identities report that approximately 500GB of data, including unreleased television shows, scripts, and other materials have been compromised. Nickelodeon's legal team has reportedly taken swift action, issuing Digital Millennium Copyright Act (DMCA) takedowns and threatening and imposing severe consequences for individuals discussing the leaked contents.
The data is believed to have originated from Nickelodeon's "consumer products and experience" portal, where an authentication issue allowed unauthorized access to the animation department's sensitive content. Nickelodeon has addressed the vulnerability and patched the portal since the leak was reported in January 2023 on Discord.
The reporting is on social media platform and needs to be taken with a grain of salt:
- On June 29th, @GhostyTongue revealed details about the alleged leak in Nickelodeon's animation department, mentioning that two individuals involved, known as "BowDown" and "IncidentalSeventy" on Discord, have reportedly faced action from either law enforcement or Nickelodeon. @GhostyTongue also claimed on July 2nd that a private Discord server had circulated a URL for downloading a new leak, purportedly containing the source code for all Nickelodeon Flash Games.
- Additionally, a user on 4chan claimed to possess insider information, stating that Nickelodeon's internal database had been compromised for over a year, potentially impacting all current productions. This user mentioned the sharing of leaked files within private communities, with trusted members having access to more extensive leaks, including assets like PSDs, scripts, and animation files. The user estimated that the breached data amounted to over 500GB, including files from various shows such as SpongeBob.
The authenticity of these claims and the nature of the data leak remain unverified, with the origin of the incident still uncertain, leaving questions about whether it resulted from an internal security lapse or an external cyberattack.
Update - Nickelodeon has confirmed that the data leaked from an alleged breach of the company is legitimate but some of it appears to be decades old.
In an interview @GhostyTongue provided info of the vulnerability that exposed the files: I scoured the internet which led me to discover two Walt Disney Company Google CDNs. One of these CDNs contained a docx file with FTP logins, allowing me to gain access to two FTP servers. I saved all the acquired data on my personal computer and have been gradually sharing it through my Internet Archive account (archive.org/details/@stone_pac)
