No menu items!
EletiofeHackers Claim to Have Leaked 1.1 TB of Disney...

Hackers Claim to Have Leaked 1.1 TB of Disney Slack Messages

-

- Advertisment -

A group calling itself “NullBulge” published a 1.1-TB trove of data late last week that it claims is a dump of Disney’s internal Slack archive. The data allegedly includes every message and file from nearly 10,000 channels, including unreleased projects, code, images, login credentials, and links to internal websites and APIs.

The hackers claim they got access to the data from a Disney insider and named the alleged collaborator. A person with that name who lists Disney as their current employer did not return WIRED’s request for comment. Whether the hackers actually had inside help remains unconfirmed; they could also have plausibly used info-stealing malware to compromise an employee’s account. Disney did not confirm the breach or return multiple requests for comment about the legitimacy of the stolen data. A Disney spokesperson told the Wall Street Journal that the company “is investigating this matter.”

The data, which appears to have been first published on Thursday, was posted on BreachForums and later taken down, but it is still live on mirror sites.

Roei Sherman, field CTO at Mitiga Security, says he isn’t surprised that a giant like Disney could have a breach of this scale and significance. “Companies are getting breached all the time, especially data theft from the cloud and software-as-a-service platforms,” he says. “It is just easier for attackers and holds bigger rewards.”

Sherman, who reviewed the data in the leak, added that “all of it looks legit—a lot of URLs, conversations of employees, some credentials, and other content.”

The NullBulge site says that it is a “hacktivist group protecting artists’ rights and ensuring fair compensation for their work.” The group claims it hacks only targets that violate one of three “sins.” First: “We do not condone any form of promoting crypto currencies or crypto related products/services.” Second: “We believe AI-generated artwork harms the creative industry and should be discouraged.” And third: “Any theft from Patreons, other supportive artist platforms, or artists in general.”

The group’s “wall of knowledge,” where it lists its data dumps, summarizes the philosophy: “What better way to punish someone than getting them in trouble eh?” Previously, the group targeted the Indian content creator Chief Shifter with a “first shaming.” Then in May, NullBulge posted a “second punch” and teased the Disney breach. “Here is one I never thought I would get this quickly … Disney. Yes, that Disney,” NullBuldge wrote, suggesting that the group may be a single person. “The attack has only just started, but we have some good shit. To show we are serious, here is 2 files from inside.”

In addition to the alleged Slack data, NullBulge posted what appears to be detailed information about the individual whom they claim provided the insider access and data. The leak includes medical records and other personally identifying information, plus the alleged contents of the alleged Disney employee’s 1Password password manager. NullBulge claims to have doxxed the individual in retaliation for cutting off communication and access, although whether the employee actually collaborated with the group in the first place remains unconfirmed.

Security researchers have long warned about corporate Slack accounts as a treasure trove for attackers if compromised. The popular team communication platform is owned by Salesforce and is used by an array of prominent organizations, including IBM, Capital One, Uber, and Disney rival Paramount.

“Disney will probably be targeted a lot more now by opportunistic threat actors,” Sherman warns.

Latest news

7 Best Handheld Gaming Consoles (2024): Switch, Steam Deck, and More

It feels like a distant memory by now, but right before the Nintendo Switch launched in 2017, it seemed...

The Boeing Starliner Astronauts Will Come Home on SpaceX’s Dragon Next Year

NASA has announced that astronauts Barry Wilmore and Sunita Williams will return to Earth next February aboard SpaceX’s Dragon...

How to Switch From iPhone to Android (2024)

Ignore the arguments about which is better, because iPhones and Android phones have far more in common than some...

12 Best Tablets (2024): iPads, Androids, and More Tested and Compared

Tablets often don't come with kickstands or enough ports, so it's a good idea to snag a few accessories...
- Advertisement -

Will the ‘Car-Free’ Los Angeles Olympics Work?

THIS ARTICLE IS republished from The Conversation under a Creative Commons license.With the Olympic torch extinguished in Paris, all...

Lionel Messi will return before MLS playoffs, says Inter Miami coach Tata Martino

Inter Miami head coach Tata Martino said on Friday that Lionel Messi will return to the team's lineup before...

Must read

7 Best Handheld Gaming Consoles (2024): Switch, Steam Deck, and More

It feels like a distant memory by now, but...

The Boeing Starliner Astronauts Will Come Home on SpaceX’s Dragon Next Year

NASA has announced that astronauts Barry Wilmore and Sunita...
- Advertisement -

You might also likeRELATED
Recommended to you