News • Science & Tech
The Club Penguin Leak
Over 800 MB of internal material from Disney's Online Kids Game
June 05, 2024
post photo preview

Yesterday, I was made aware of a leaked archive of internal documents from within Disney -- specifically focusing on Club Penguin (the extremely popular, online children's game which ran from 2005 through 2017).

This leak -- consisting of over 800 MB of PDFs and archived, internal documentation webpages -- was posted anonymously to 4chan.  So, naturally, I fired up a virtual machine (better safe than sorry when dealing with files from unknown sources) and downloaded every byte.

The Club Penguin Leak is Real

The first thing that needed to be ascertained was the validity of the files within this leak.  Were these files truly from within Disney (and the Club Penguin team)?

And the answer is, with a high level of certainty, yes.  This leak is legitimate.

How do I know this leaked material truly came from within Disney?

Because I used to work at Disney.  Specifically... on Club Penguin.  In fact, I still have my Disney "Cast Member" badge (because having a badge that says "Disney Cast Member" is just too cool to not keep).

While the contents of this particular leak primarily cover the time between 2014 and 2017, which was after my time working on Club Penguin, I know enough details to be able to confidently verify this material.

With that important step out of the way, let's dive into the contents of the leak.

Nothing Overly Surprising or Controversial

I know what all of you are wondering.

"Is there anything controversial or juicy in these leaks?  It's Disney!  It's a popular kids online game!  There's gotta be something wild in here!"

But, you know what?  It's really pretty dull.  Lots and lots of corporate boringness.

The only times anything got even remotely political were during two "End of Sprint" retrospective meetings (Club Penguin development used an "Agile" development methodology, with work divided into multi-week "Sprints").

The first time was immediately following the November, 2016 USA election.

The end of the Sprint after the 2016 Presidential Election.

"What should we have done better?"

The answer?  "Trump was elected!!"

Clearly the team was not thrilled that Trump won that election.

Though, all was not lost!  The team was very pleased with "Darlesson's cookies" and happy that Darryl was buying a house.  So.  You know.  Now we all know those details.  From within Disney.  Back in 2016.

Flash forward to January of 2017, and we have a similar set of statements from another "End of Sprint Retrospective".

The end of the Sprint after the 2017 Inauguration Day.

This, of course, happened after President Trump was sworn in to office.

Once again, the Disney Club Penguin team asked themselves, "What should we have done better?"

The answers?  "Trump" and "End of the world".

But, hey!  Look at all those things they did well!  Cookies!  Perogies!  Oooh!  And Timbits (aka "Donut holes")!  Looks like they were eating well!

Thus ends the entirety of the political content found within these Club Penguin leaks.  Over 800 MB of leaks -- consisting of 137 PDF files and an absolutely massive number of HTML files -- and this is the most politically charged content in the entire archive.

Keeping Club Penguin Clean

One of the difficult challenges in running an online system -- like Club Penguin -- for children... is keeping things... clean.  Family friendly.  G Rated.

No matter how much work went into limiting "adult" content, people would find ways to sneak naughty stuff into the game world.  More often than not through the use of funky acronyms.  Sometimes it would be older kids just being naughty... other times it was adults "playing Club Penguin" and being gross.

Within this leak is a "Top 50 Acronyms Parents need to know" -- which contained a small portion of the known ones.  Some were pretty wild.

Yup.  In a kids game.

To Club Penguin's credit, they worked pretty hard to limit all of this as best they could.

True story: When I was working on Club Penguin, an issue needed to be handled where players would work together to arrange their penguin characters (by simply walking around the world) into inappropriate patterns.  I'm not going to describe those patterns... I'm sure you can use your imagination to figure out the pictures they were trying to make.  The solution was to create a function that checked for the penguins being in certain types of particularly naughty patterns... and, when detected, shuffle the characters all over the screen.  It wasn't a great fix.  But it did the job.

This Leak Gave Me Corporate PTSD

End of Sprint Retrospectives.  Sprint Planning Documents.  Burndown charts.  Reports and proposals.

As I read through page after page of corporate, agile busy work I felt myself becoming increasingly stressed.  And annoyed.  Flashbacks to morning Standups and Scrum meetings.

I was instantly back there.  In the Disney Club Penguin office.  In that meeting room.  Under those fluorescent lights.  Feeling my soul slowly dying as I await my turn to give my daily update.

Part of a presentation from an end-of-Sprint Review.

While there's nothing damning or incriminating in these leaks... it served as a visceral reminder of why I stopped working for Disney.

Here's another screenshot.  This one is a Burn-up Chart pulling data from JIRA (a bug/task tracking system... if you don't know what it is... count yourself lucky).

I had to look at it.  Now you do too.

A Burn-up chart.  From JIRA.  For the end of a Sprint.  Kill me now.

You're welcome.  (I'll spare you from seeing screenshots of the countless other charts and Sprint meeting notes.)

One of the few mildly interesting tidbits in this leak comes in the form of emails, mostly between Product Managers, regarding the final days of Club Penguin -- and when they announced that the service would be closing.

I've censored the name of the Product Manager who sent this email.  Because it just simply isn't important in any way, shape, or form.

And, when I say "mildly" interesting... even that is a bit of a stretch.  This is all about as run-of-the-mill as it gets within the Tech Industry.

Some API Documentation

Ready to really make your eyes glaze over?

How about over One Thousand HTML files... all documenting various APIs used by a variety of systems... many of which are no longer in use.  By anyone.  Anywhere.

Over 1,000 of these.

Seriously.  This Disney leak includes over 1,000 files just like this one.  And the vast majority of the information contained within it is only of historical interest.

But, hey.  Documenting computer history is important.  Even if it is mostly internal, corporate systems.

That's it.  That's the Club Penguin Leak.

Right about now you're wondering to yourself, "Why do I need to know about any of this?"

Quite frankly... you don't.  The truth is -- despite the massive number of documents in this particular leak -- almost none of it was going to be interesting or important to you.  Heck.  Let's be honest, most of it was barely interesting to the people who originally wrote these documents.

But this gives you a little glimpse into some of the work that The Lunduke Journal does.

So far this year, The Lunduke Journal has received of over 27 GB of leaked material (not including video) from a number of the biggest companies on Earth.  And, while some of it is explosive and critically important (such as the Red Hat or Microsoft leaks), most of it is... a lot like this Club Penguin Leak:

One or two mildly interesting statements nestled between notes about food in the break room... and charts about bug tracking.

But The Lunduke Journal goes through it all... and only occasionally tortures you with the boring stuff.

(Unless, of course, you were a big Club Penguin fan.  In which case: You're welcome for this fascinating and riveting dive into the internal documents from the final years of Club Penguin.)

community logo
Join the Lunduke Community
To read more articles like this, sign up and join my community today
What else you may like…
Mozilla Caves to Criticism, Unblocks Firefox Extensions in Russia

Two days after blocking anti-Censorship, pro-Privacy Firefox Extensions in Russia, Mozilla has reversed course.

The full article:

Open Source A.I. Definition to include Closed, Secret Data

The Open Source Initiative -- backed by Microsoft, Amazon, Meta -- is pushing for a "Closed" definition of "Open Source Artificial Intelligence."

Mozilla's War on the Open Internet

The Mega Corp behind Firefox takes another step to stomp out free speech and an "Open Web".

Mozilla Firefox blocks anti-Censorship and pro-Privacy extensions in Russia:

November 22, 2023
The futility of Ad-Blockers

Ads are filling the entirety of the Web -- websites, podcasts, YouTube videos, etc. -- at an increasing rate. Prices for those ad placements are plummeting. Consumers are desperate to use ad-blockers to make the web palatable. Google (and others) are desperate to break and block ad-blockers. All of which results in... more ads and lower pay for creators.

It's a fascinatingly annoying cycle. And there's only one viable way out of it.

Looking for the Podcast RSS feed or other links? Check here:

Give the gift of The Lunduke Journal:

The futility of Ad-Blockers
November 21, 2023
openSUSE says "No Lunduke allowed!"

Those in power with openSUSE make it clear they will not allow me anywhere near anything related to the openSUSE project. Ever. For any reason.

Well, that settles that, then! Guess I won't be contributing to openSUSE! 🤣

Looking for the Podcast RSS feed or other links?

Give the gift of The Lunduke Journal:

openSUSE says "No Lunduke allowed!"
September 13, 2023
"Andreas Kling creator of Serenity OS & Ladybird Web Browser" - Lunduke’s Big Tech Show - September 13th, 2023 - Ep 044

This episode is free for all to enjoy and share.

Be sure to subscribe here at to get all shows & articles (including interviews with other amazing nerds).

"Andreas Kling creator of Serenity OS & Ladybird Web Browser" - Lunduke’s Big Tech Show - September 13th, 2023 - Ep 044
10 hours ago

#Commodore #Wikipedia

Here's a demo of an in-development Wikipedia-specific online browser running on C64 OS, which is a commercial OS now available for Commodore 64s. Data speeds are hobbled a bit by a 2400 baud modem, but seems very functional with neat features like multiple-language support and flexible screen usage under user control. This offers a much richer experience compared to Minitel or early online services like GEnie back in the day.

Off to a fantastic start!

A huge high-five is in order for everyone who pitched in and grabbed a subscription (or otherwise donated) today!

I do believe we've put enough funds in the "This is For The Linux Distro" account to cover all of the obvious expenses (servers, hardware, domains, etc.) for at least the next half year or so. Most outstanding!

I'll be honest... I wasn't expecting this level of response!

I'll leave the sale running until midnight tonight if anyone else wants to jump in, but this is truly amazing. All of you rule.

Next up: Getting servers, domain, source repository, and forum set up.

10 hours ago

A question for the group:

Does Microsoft 365 run under Wine? Back when MS Office was a stand alone product it installed and worked well in wine but does it still? The need/desire to use this product has stopped some people from moving away from Windows and to Linux.

post photo preview
Last week at The Lunduke Journal (June 9 - June 15, 2024)
Firefox! Russia! WWDC! Open Source A.I.!

My-oh-my.  Another wild week at The Lunduke Journal!  It all kicked off with a live video commentary of Apple's WWDC keynote (which was banned by YouTube, but still available at the links below), then quickly moves to Mozilla and Open Source AI.

The Videos

The Articles

Previous Few Weeks

Reminder: Check out The Lunduke Journal Link Central page for all the handy URLS.  Podcast RSS feeds, contact info, direct links to some of the big shows and articles and a bunch of other goodies.  And be sure to subscribe to The Lunduke Journal to help support the work... and make sure you don't miss out on anything.

Read full Article
post photo preview
The CIA, NSA, and Pokémon Go

Back in July of 2016, I wrote a short article for Network World entitled “The CIA, NSA, and Pokémon Go."

While the title was certainly viewed as a bit “over the top” and “conspiracy theorist-y”, it was really just a collection of (in my opinion, rather bizarre) facts that – even without any sinister connection – were worth documenting. I am republishing it here, with some additional (increasingly odd) details added at the end (including radio and TV appearances related to this article).

Some of the details relating to the exact permissions and capabilities of the Pokémon application have changed over the last few years… but everything else remains correct, factual, and up to date.



The CIA, NSA, and Pokémon Go

With Pokémon Go currently enjoying, what I would call, a wee-bit-o-success, now seems like a good time to talk about a few things people may not know about the world's favorite new smartphone game.

This is not an opinion piece. I am not going to tell you Pokémon Go is bad or that it invades your privacy. I’m merely presenting verifiable facts about the biggest, most talked about game out there.

Let’s start with a little history

Way back in 2001, Keyhole, Inc. was founded by John Hanke (who previously worked in a “foreign affairs” position within the U.S. government). The company was named after the old “eye-in-the-sky” military satellites. One of the key, early backers of Keyhole was a firm called In-Q-Tel.

In-Q-Tel is the venture capital firm of the CIA. Yes, the Central Intelligence Agency. Much of the funding purportedly came from the National Geospatial-Intelligence Agency (NGA). The NGA handles combat support for the U.S. Department of Defense and provides intelligence to the NSA and CIA, among others.

Keyhole’s noteworthy public product was “Earth.” Renamed to “Google Earth” after Google acquired Keyhole in 2004.

In 2010, Niantic Labs was founded (inside Google) by Keyhole’s founder, John Hanke.

Over the next few years, Niantic created two location-based apps/games. The first was Field Trip, a smartphone application where users walk around and find things. The second was Ingress, a sci-fi-themed game where players walk around and between locations in the real world.

In 2015, Niantic was spun off from Google and became its own company. Then Pokémon Go was developed and launched by Niantic. It’s a game where you walk around in the real world (between locations suggested by the service) while holding your smartphone.

Data the game can access

Let’s move on to what information Pokémon Go has access to, bearing the history of the company in mind as we do.

When you install Pokémon Go on an Android phone, you grant it the following access (not including the ability to make in-app purchases):


  • Find accounts on the device


  • Find accounts on the device


  • Precise location (GPS and network-based)

  • Approximate location (network-based)


  • Modify or delete the contents of your USB storage

  • Read the contents of your USB storage


  • Modify or delete the contents of your USB storage

  • Read the contents of your USB storage


  • Take pictures and videos


  • Receive data from the internet

  • Control vibration

  • Pair with Bluetooth devices

  • Access Bluetooth settings

  • Full network access

  • Use accounts on the device

  • View network connections

  • Prevent the device from sleeping

Based on the access to your device (and your information), coupled with the design of Pokémon Go, the game should have no problem discerning and storing the following information (just for a start):

  • Where you are

  • Where you were

  • What route you took between those locations

  • When you were at each location

  • How long it took you to get between them

  • What you are looking at right now

  • What you were looking at in the past

  • What you look like

  • What files you have on your device and the entire contents of those files

I’m not going to tell people what they should think of all this.

I’m merely presenting the information. I recommend looking over the list of what data the game has access to, then going back to the beginning of this article and re-reading the history of the company.

Update: April 14th, 2020

In March of 2017, a little less than a year after this article was originally published, WikiLeaks released what they called “Vault 7." A series of documents that was purported to be a large leak of CIA related documents focused heavily on hacking and electronic surveillance.

Among those documents was a list of code names, descriptions, and various details around Android specific exploits.

Of the code names listed… almost a third of them were Pokémon names. Between that and the CIA investment (via In-Q-Tel) in Niantic (the company behind Pokémon Go)… I mean, that's just a heck of a lot more Pokémon than one would expect from the CIA.

One other little tidbit:

The original CEO of In-Q-Tel was a man named Gilman Louie. Louie received multiple awards for his work with In-Q-Tel - including CIA Agency Seal Medallions, Director's Award by the Director of the Central Intelligence Agency, and Director of National Intelligence Medallion – which included investing in Keyhole.

Louie now sits on the board of directors of Niantic.

In 2019 alone, Pokémon Go earned $1.4 Billion (USD). As of February 2019, the game had been downloaded over One Billion times.

Update: June 15th, 2024

After this article was originally published, back in 2016, I made a few radio guest appearances to talk about it -- my favorites being for Coast to Coast AM and Fade to Black.  Both of which remain available online.

This was followed by an episode of a TV show, for The History Channel, called "Breaking Mysterious".  That show only received a limited run in the USA, but it remains available via streaming in many other countries in case you want to look it up.

Here's a few snapshots from that episode (Season 1, Episode 1 - "The Watchers") just for good measure.

The show was originally titled "The Unexplained".  But the name was changed to "Breaking Mysterious"... and, later, "The Unexplained" title was used for an entirely different show, hosted by William Shatner.


Yup.  The video editors for the History Channel spelled my name wrong.  (It's with a Y!  A Y, I say!)


Sitting in a park.  Dropping truth bombs about surveillance on the show host, Jimmy Church.


Giving the show's host "The Look".
Read full Article
post photo preview
Funny Programming Pictures Part XLIV
Father's Day Weekend Edition

I hit Ctrl-C 187,000 times while creating this article.


... or simply don't know what we did, but it works.  It's "the algorithm".


Remember when Windows Vista was the "Best Advertisement for Linux"?  Good times.


We're all doomed.


This is the correct answer for every topic for an experienced dev: I hate everything, for different reasons.




This is a tough conversation for any dad to have.


The other 1% is giving up and just using a Center tag inside of a Table.


The more times you hit Ctrl-C, the better it copies.




"Backend Developer"




Don't look behind you.  Copilot is catching up.
Read full Article
See More
Available on mobile and TV devices
google store google store app store app store
google store google store app tv store app tv store amazon store amazon store roku store roku store
Powered by Locals