Nickelodeon investigates possible data breach

malware
(Image credit: Elchinator from Pixabay)

Iconic AmericanTV channel Nickelodeon has revealed t suffered a data breach earlier this year. 

As reported by BleepingComputer, late last month rumors started circulating around the web of a “major” leak from Nickelodeon’s animation department. People started sharing information on social media, alleging that some 500GB in documents and media files were stolen.

Fortunately, the data stolen in the breach doesn’t seem to be personally identifiable, or sensitive in that manner.

No sensitive data

Soon after that, the company (owned by Paramount), confirmed having suffered an attack but added that the data stolen was not sensitive in the manner that they belonged to employees, customers, or partners. In a statement given to the publication, the organization said the data was limited to production resources and other intellectual property. It was also “decades” old.

"The alleged leaked content appears related to production files only, not long-form content or employee or user data, and some of it appears to be decades old," Nickelodeon was cited as saying.

Nickelodeon is a TV channel that produces and plays children’s content, and other content suitable for younger/family audiences. 

The breach seems to have happened sometime in January this year, with Nickelodeon plugging the hole two months later. We don’t know who the threat actors are, or how they managed to access Nickelodeon’s endpoints. The files were apparently exfiltrated to a private Discord server, and subsequently shared elsewhere. We don’t know if any zero-days, or malware, were used in the attack. 

In its comment on the news, BleepingComputer states that if the leak doesn’t cause Nickelodeon any significant business damage, it will probably dodge the bullet, as the redistribution of copyright-protected intellectual property is illegal. However, so is sharing personally identifiable information, but that never stopped cybercriminals from engaging in data theft, identity theft, or wire fraud, anyway.

Via: BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.