The Nickelodeon data leak has been acknowledged by Paramount, the parent company. However, amid investigations, it has been labelled as a leak containing mostly old data.
Nickelodeon, one of the world’s leading children’s entertainment TV channels, is the latest victim of a data breach. On 6th July, Hackread exclusively reported that a Twitter handle @GhostyTongue shared exclusive details on the data breach, revealing that they have inside knowledge of the massive 500GB Nickelodeon data leak.
Per the latest development, Nickelodeon claims that the hackers allegedly stole ‘decades-old’ data. In an exclusive state to Hackread.com, a Nickelodeon representative said that,
We are aware of social media posts that alleged production-related files were made available without authorization and we are investigating. The alleged leaked content appears related to production files only, not long-form content or employee or user data, and some of it appears to be decades old.
Nickelodeon/Paramount
The network is currently investigating the incident. Animators impacted by the exposure of their projects for the channel are asking people to delete every leak-related post to show respect to those working on unreleased projects.
On the other hand, hackers are actively sharing screenshots of the alleged files they’ve stolen from the network, including leaks from its animation department.
Some screenshots show folders of the network’s biggest shows, including Monster High, Danny Phantom, SpongeBob SquarePants, Avatar: The Last Airbender, the Smurfs, etc. As seen by Hackread.com, the leaked data includes information on unreleased TV shows and scripts too.
Interview with @GhostyTongue
Hackread.com had the opportunity to interview @GhostyTongue, the person who is most vocal and has inside information about the Nickelodeon breach.
HACKREAD: 1: Would you be interested in telling readers about yourself?
@GHOSTYTONGUE: Not too long ago, I developed a passion for both news reporting and exploring the realms of leaking and cybersecurity. It all started when the Nintendo gigaleak occurred, and I found myself captivated by the way it unfolded and the timing of the event. Intrigued, I scoured the internet in search of similar opportunities, which led me to discover two Walt Disney Company Google CDNs. One of these CDNs contained a docx file with FTP logins, allowing me to gain access to two FTP servers. I saved all the acquired data on my personal computer and have been gradually sharing it through my Internet Archive account. I must admit, that there is an indescribable satisfaction in preserving and safeguarding such valuable information.
HACKREAD: 2: Was this data leaked by hackers or an inside job as per your knowledge?
@GHOSTYTONGUE: I came across two stories about how the incident occurred. One involved a vulnerability in Viacom’s login portal, while the other involved the correct guessing of the password and username. In essence, the exact cause remains undetermined.
HACKREAD: 3: Can you provide more details about the nature of the leak in Nickelodeon’s animation department?
@GHOSTYTONGUE: The leak occurred in January of this year, although some sources suggest unauthorized access may have been obtained as early as the previous fall. According to information gathered from forums, approximately 500GB of files were accessed and obtained during the breach. The leaked data was initially shared within private servers, but a significant portion, approximately 10GB, was eventually released to the public.
HACKREAD: 4: How did you come across this information regarding the leak and the individuals involved?
@GHOSTYTONGUE: I came across this because a friend pointed to the original 4chan thread of it and asked me if I knew how to get in as in the past did worthy work on archiving 2 CDNs and 2 FTPs from a company.
HACKREAD: 5: You shared a couple of screenshots (1) (2) on Twitter showing signs of regret from someone claiming over the issue. Who are they?
@GHOSTYTONGUE: It wasn’t regret for someone, one of them was an apology tweet of a screenshot I was claiming was faked but in reality it was real and the other one was a message I sent out as someone was threatening my lively hood and attempting to dox me.
HACKREAD:: 6: What kind of actions or consequences did “BowDown” and “IncidentalSeventy” face, as per your knowledge?
@GHOSTYTONGUE: To the best of our knowledge, rumours are circulating that suggest the individuals in question may have been apprehended by law enforcement or banned by Discord. According to reports, all the servers they were part of, as well as their friends, claim that they vanished without a trace. There are also rumours speculating that the authorities may have been involved in their disappearance. Additionally, it is worth noting that they were allegedly involved in the dissemination of leaked content earlier this year.
HACKREAD: 7: Were there any other individuals or parties involved in the leak that you are aware of?
@GHOSTYTONGUE: From what I know, individuals named BowDown and IncidentalSeventy were involved in the situation. However, upon reflecting on the person who threatened to expose my personal information (dox), their actions now appear suspicious to me.
HACKREAD: 8: How confident are you in the accuracy and reliability of the information you’ve shared?
@GHOSTYTONGUE: I have a high level of confidence that approximately 85% of the shared information is accurate.
HACKREAD: 9: Have you been in contact with any official representatives from Nickelodeon or law enforcement regarding this matter?
@GHOSTYTONGUE: As of now, I have not been contacted by anyone regarding the situation. However, I have noticed that Nick (presumably referring to Nickelodeon) has taken notice of my posts and other tweets. To test this claim, I uploaded a brief 2-second clip of an unreleased show pilot titled “Rock Paper Scissors.” Interestingly, the link to the clip was swiftly removed within a minute of the tweet being published.
HACKREAD: 10: Can you disclose any additional details or insights about the leak or its aftermath that we haven’t discussed yet?
@GHOSTYTONGUE: In my personal opinion, I strongly believe that there is a high probability of both “The Loud House Movie” (a movie in the making and planned to be released in 2023 according to leaked content) and “The Casagrandes Movie” being delayed. Furthermore, considering the significant leak of content related to the upcoming Nickelodeon show “Rock Paper Scissors,” it is highly likely that the show might face cancellation due to the extent of the leak.
Hackread.com had earlier reported that in January 2023, Nickelodeon’s consumer products and experience portal experienced an authentication issue, and materials were leaked on Discord, after which the company patched it. The issue allowed users to access its animation department. The current leak could be linked to this incident.
The breach is under investigation, and law enforcement is focusing on two individuals using Discord usernames “REDUCTED” and “REDUCTED,” for their alleged involvement. Nickelodeon’s legal team has acted against the perpetrators and beneficiaries of the leak by pursuing the Digital Millennium Copyright Act (DMCA). It will deter people from sharing content about the leak on websites and social media.
However, screenshots of alleged data from the TV channel are still being shared on Twitter, Reddit, and other platforms. Some researchers have shown concern over violating DMCA for discussing the leak online, but Nickelodeon’s representative didn’t comment on this.
The US-headquartered and Paramount-owned Nickelodeon is the first cable TV channel to broadcast content exclusively made for children. The network is yet to confirm whether the leak resulted from hacking or a cyberattack.
This isn’t the first time a film or television network has become the target of a data breach. Back in 2014, Sony Pictures was targeted by North Korean hackers who leaked films and script copies, company employees’ emails, and its executives’ personal information.
Then, the 2017 HBO data breach rocked Hollywood in which hackers infiltrated HBO’s systems and leaked unreleased episodes of the popular series Game of Thrones, along with other sensitive data.
The HBO hacking saga lasted for several months, causing significant distress for the network and its viewers. It wasn’t until later that an Iranian citizen named Behzad Mesri emerged as the alleged perpetrator behind the HBO hack. Mesri was subsequently charged and indicted for his involvement in the cyberattack. To this day, he remains wanted by the FBI.