This data includes messages, files, unreleased projects, raw images
A “hacktivist” group has claimed responsibility for a major data breach at Disney. The group, called “Nullbulge”, says it leaked around 1.2 terabytes of information from Disney's internal Slack channels. This data includes messages, files, unreleased projects, raw images, computer codes and some login credentials.
In an email to CNN on Monday, Nullbulge explained they accessed Disney's Slack through an insider who had cookies, allowing them entry. The email mentioned the insider initially tried to remove them but eventually allowed them “right back in before the second time.”
Last week, the hacking activist group published 1.2 TB of data, purportedly from Disney's Slack archive, which allegedly contained nearly 10,000 channels with extensive information, including sensitive data about unreleased projects and internal websites. The leaked data was initially posted on BreachForums but has since been removed. However, it remains accessible on various mirror sites, as per Wired.
NullBulge, the group based out of Russia, claims to protect artists' rights and ensure fair compensation. They target companies that violate one of three "sins" – promoting cryptocurrencies, using AI-generated artwork or stealing from artists or platforms that support them. In the email, they claimed that Disney was their target due to “how it handles artist contracts, its approach to AI, and its pretty blatant disregard for the consumer.”
Roei Sherman, Field CTO at Mitiga Security, reviewed the leaked data and confirmed, “All of it looks legit – a lot of URLs, conversations of employees, some credentials, and other content,” as per Wired.
He commented on the breach, saying he was not surprised that a giant like Disney could be affected at this scale, saying, “Companies are getting breached all the time.” He said “data theft from the cloud and software-as-a-service platforms” were common these days because it was "easier for attackers and holds bigger rewards".
He warned, “Disney will probably be targeted a lot more now by opportunistic threat actors.”