At Disney, there are hackers we like, like Jack Sparrow. But there are others who seek to harm Mickey Mouse, and that's much less magical. On June 20, the specialized website Ransomware.live reported the hacking of Disneyland Paris, itself claimed by a group of cybercriminals called Anubis. According to the perpetrators of the virtual heist, this is "the largest data leak in the history of Disneyland Park," with 39,000 confidential files totaling 64 GB of data.
But past and future visitors can rest assured: this personal information has not been compromised. For now, Europe's leading tourist destination has not yet confirmed whether the hack is true, but the sensitive nature of the stolen data could well be detrimental.
Trade secrets in the wild
If the hack claimed by Anubis turns out to be true, some of the resort's most closely guarded plans could end up in the wrong hands. The hacking group claims that the leak stemmed from an error made by a Disneyland Paris partner company, allowing them to get their hands on drawings, plans, and other photos and videos from behind the scenes of existing and future attractions. To support its announcement, the Anubis group shared excerpts from files concerning the World of Frozen land dedicated to Frozen, which will open its doors in 2026.
“Here is the list of attractions whose plans are present in the archive: Frozen Ever After, Crush’s Coaster, Pirates of the Caribbean, Big Thunder Mountain, Autopia, Buzz Lightyear Laser Blast, Orbitron, Casey Jr., Phantom Manor, Ratatouille and others,” the cybercriminal organization specifies to support the scope of the leak. Patents and other engineering files are also said to be contained in the archive, secrets that were previously well-kept but that competitors could now acquire.
Two weeks ago, the site Trendmicro.com revealed that Anubis attacks are now reinforced with ransomware capable of deleting data from the compromised device. Thus, even if the error appears to have originated from a partner company of the tourist destination, there is no guarantee that the resort still has any trace of these files. At the time of writing, Disneyland Paris has not yet communicated on this subject, nor even responded to requests from the media who contacted it.
A difficult week for Disneyland Paris
To top off this supposed hack, the destination is also facing another unusual case that quickly made headlines. Last Saturday, a fake wedding between a 9-year-old girl and a 22-year-old extra was narrowly stopped following an alert issued by park employees. “A private event planned at our destination was immediately canceled by our teams after identifying significant irregularities,” the park’s management stated. The deputy public prosecutor stated that “The event turned out to be a set-up, with the guests themselves being extras.” The Meaux public prosecutor explained that “As any offense to the detriment of the minor has been ruled out, the Meaux public prosecutor’s office is holding these two people (the actors playing the groom and the bride’s sister, editor’s note) guilty of fraud and breach of trust to the detriment of Disneyland Paris, which has also regularized a complaint to this effect.”
0 Comments