Confidential information, including unreleased TV shows, scripts and materials, belonging to the popular children’s television channel Nickelodeon, have been reportedly compromised in a significant data leak.
According to social media reports, an individual allegedly dumped approximately 500GB of animation files.
The authenticity of the leaked content is yet to be confirmed by Nickelodeon. Still, a spokesperson for the network told The Register (Infosecurity has reached out to the network but has not received an answer at the time of writing) that the material in question appears to be related to production files and possibly dates back several decades.
They further clarified that there is no indication of long-form content, employee data or user data involved in the leak.
The leak came to public attention when a Twitter user, operating under the handle GhostyTongue, began disclosing sensitive information related to the alleged breach on June 29.
According to vx-underground, the compromise originated from an authentication issue within Nickelodeon’s “consumer products and experience” portal, potentially allowing unauthorized individuals to access sensitive data from the animation department.
Allegedly, various Discord channels and private online communities have been sharing the stolen Nickelodeon files and videos, including content from the popular series SpongeBob SquarePants. Recent reports also suggest that the leaked Nickelodeon data also contains source code from the channel’s flash games.
William Wright, CEO of Closed Door Security, expressed concern over Nickelodeon’s response to the incident.
“Based on the information available, it appears that Nickelodeon is still trying to understand how this incident occurred, what the compromised data is, and how long ago the attack took place. This gives the impression that Nickelodeon has very little understanding of what has happened to its systems, which could raise alarm bells about the company’s security posture,” Wright explained.
Wright emphasized the importance of proactive security measures for businesses, stating that preparation for cyber-attacks is essential.
“This means running proactive security assessments to find and close exploitable bugs, training employees on attack techniques, and having the ability to map the network so, when breaches do occur, forensics can be run quickly, minimizing the time wasted trying to understand its impact,” he said.
Wright also highlighted the risk of personal data being monetized by attackers while Nickelodeon investigates the incident.
“Organizations should strive to avoid these situations and have the ability to run forensics quickly. This minimizes time wasting and allows organizations to inform impacted parties quickly, so they can take their own remediation actions,” Wright concluded.
Editorial image credit: Phil Kolin / Shutterstock.com