Disney has fallen victim to a significant data breach, with hackers reportedly leaking 1.1 terabytes of internal Slack data. The hacking group NullBulge claims responsibility for the breach, which they say includes messages and files from nearly 10,000 channels within the entertainment giant's internal communications platform.
The attack constitutes a serious violation of the controversial company’s security and may expose discussions between executives on sensitive subjects that the company would prefer not see the light of day.
DISNEY & AT&T GOT HACKED! #CrippledNews pic.twitter.com/oprke8UhOC
— Ricky Berwick (@rickyberwick) July 15, 2024
The breach, announced on NullBulge's website last week, has exposed a vast trove of sensitive information, including unreleased projects, raw images, code, and internal discussions. The group has made the data publicly available for download, stating, "1.1TiB of data, almost 10,000 channels, every message and file possible, dumped".
NullBulge, which identifies itself as a hacktivist group, justified their actions by citing Disney's use of AI-generated art, which they believe undermines artists' rights. "Our mission is to ensure theft from artists is reduced and to promote a fair and sustainable ecosystem for creators," the group declared.Among the leaked data, early analyses have revealed discussions on various sensitive topics, including Disney employees' reactions to the company's stance on Florida's "Don't Say Gay" legislation. One message highlighted employees planning a sick-out in protest of Disney's response to the anti-LGBTQIA+ law, underscoring internal dissatisfaction with the company's policies.
>Disney has been hacked
>1TiB of data stolen (unreleased projects, logins, images codes..) pic.twitter.com/nGi5Fv6Qgj
— Pirat_Nation 🔴 (@Pirat_Nation) July 13, 2024
Disney has not yet confirmed the legitimacy of the data, nor has it provided an official response to the breach. The hackers claimed to have gained access through an "inside man" at Disney, who later had second thoughts and tried to revoke their access. In retaliation, NullBulge posted personal information of the alleged insider, including logins and Social Security numbers.
This breach is part of a broader pattern of attacks by hacktivist groups targeting large corporations over ethical concerns. In recent months, NullBulge has made headlines for similar actions against companies using AI software deemed exploitative towards artists .
The incident has raised serious concerns about corporate cybersecurity and the protection of sensitive employee and project data. As Disney grapples with the fallout, cybersecurity experts emphasize the need for robust internal security measures to prevent such breaches.
This latest data leak adds to a growing list of high-profile breaches affecting major organizations, highlighting the persistent threat posed by cybercriminals and hacktivist groups. The full extent of the damage to Disney remains to be seen as investigations continue.