Users Alerted After Disney Forum is Breached

Disney has been forced to notify users of its Playdom Forum that hackers have made off with sensitive personal information which could put their privacy and online security at risk.

The “unauthorized party” infiltrated the Disney servers on 9 and 12 July, acquiring usernames, email addresses, and passwords for accounts as well as IP addresses, the firm said in a statement on Friday.

It continued:

“Please be assured that the Playdom Forum website does not collect credit card numbers or other sensitive personal information, such as Social Security numbers. The investigation concluded that no other Disney websites or apps have been affected in any way…

In order to protect our users, we have currently shut down the website and invalidated all user passwords for the affected accounts. We have reported the incident to law enforcement authorities and are cooperating with them. We have also launched new forums with enhanced security measures.”

Disney urged users who might have re-used their Playdom passwords on other sites to set new log-ins on those accounts immediately.

It also warned customers not to reply to any unsolicited emails purporting to come from Disney as these are likely to be phishing attempts designed to elicit even more sensitive information from the victims of this breach.

Disney didn’t disclose how many users are affected, although the forum is said to have over 350,000 members.

The site itself apparently ran on vBulletin, forum software which has itself been compromised on several occasions.

Last year a hacker exploited a zero-day bug to make off with user IDs, full names, email addresses, security questions and corresponding answers.

In July, Ubuntu Linux developer Canonical ’fessed up to a data breach which exposed the personal information of two million users of its forum – also run on the vBulletin platform.
