Internal communications from Disney’s Slack workplace collaboration system have surfaced online, revealing information about the company’s operations, including ad campaigns, studio technology, and hiring processes. The leak, claimed by an anonymous hacking group called Nullbulge, exposed about ten thousand Slack channels containing computer code and details about unreleased projects.
Nullbulge, self-described as a hacktivist group advocating for artist rights, announced that it had published extensive data from Disney’s internal communications. The group claims the breach includes conversations about maintaining Disney’s corporate website, software development, assessments of job candidates, and even personal content like photos of employees’ dogs, with data spanning back to 2019, reports WSJ.
Disney is currently investigating the breach. A spokesperson for the company confirmed that they are looking into the matter but did not provide further details. The leaked data also includes discussions from Disney’s wide-ranging businesses, such as its movie studios, streaming services (Disney+ and Hulu), theme parks, cable TV networks, and sports broadcaster ESPN.
“Disney has had their entire dev slack dumped. 1.1 TiB of files and chat messages. Anything we could get our hands on, we downloaded and packaged up. Want to see what goes on behind the doors?” Nullbulge wrote on X.
Nullbulge’s motivation appears in an ideological dispute over Disney’s handling of artist contracts, its approach to artificial intelligence, and its perceived disregard for consumers. “We targeted Disney because of its treatment of artists and its blatant disregard for consumer rights, ” a Nullbulge spokesperson told WSJ.
The breach also underscores growing tensions in the entertainment industry regarding using artificial intelligence. Many artists and activists argue that AI advancements have led to the uncredited and uncompensated use of creative works, which companies use to develop new technologies like chatbots and content generators.
Security researchers have linked Nullbulge to previous incidents involving malicious software distribution through Trojan horse tactics. These included hiding malware in free video game add-ons and AI-powered image-generation software. The group reportedly accessed Disney’s Slack data by compromising the computer of a Disney software development manager, using both a video game add-on and an undisclosed second method.
Recently, AT&T paid a ransom of more than $300,000 to the ShinyHunters ransomware group to get the massive trove of their data deleted.
In the News: Kaspersky shuts down USA operations amid ban
