A notorious group of hacktivists known as NullBulge has recently claimed responsibility for breaching Disney’s internal Slack channels and stealing over a terabyte of data. The cyberattack, which targeted the renowned entertainment company, involved exfiltrating files and chat messages from approximately 10,000 Slack channels, including those utilized by Disney’s developers.
In a bold move, the group taunted Disney by posting a message on X (formerly Twitter), stating, “Anything we could get our hands on, we downloaded and packaged up. Want to see what goes on behind the doors? Go grab it.” This brazen act highlighted the potential vulnerabilities in Disney’s cybersecurity measures and raised concerns about the safety of sensitive information within the company.
The breach, which was allegedly orchestrated by NullBulge, was reported on July 12, 2024, when the threat actor shared details of the stolen data on a data leak marketplace called Breachforums. The compromised information reportedly included details of Disney’s undisclosed projects, raw images, code snippets, login credentials, links to internal APIs, and webpages, among other miscellaneous data.
Furthermore, the leaked data contained contents from Slack chats, such as files belonging to employees, screenshots, pictures of employees’ pets, phone numbers, and other personal details shared on the platform. The attackers claimed to have had insider assistance from a mole within Disney, although this collaborator allegedly backed out before providing additional data to the group.
Despite the gravity of the situation, Disney has yet to issue an official response to the data breach claims made by NullBulge. The disclosure of internal communications poses a significant risk to the company, as hackers could exploit such information to launch damaging attacks or leaks that could jeopardize Disney’s operations and reputation.
The Cyber Express reached out to Disney for comment on the cyberattack and the authenticity of the claims, but no official statement has been released as of publication time. If the hackers’ assertions are accurate, the stolen data could be leveraged by malicious actors to carry out supply chain attacks or gain unauthorized access to Disney’s network infrastructure.
Moreover, the leaked information hinted at potential future projects from Disney, including a sequel to the game “Aliens: Fireteam Elite” codenamed Project Macondo, scheduled for release in Q3 2025. The leaked documents described new features and gameplay modes, offering insights into Disney’s upcoming gaming ventures.
This incident is not the first instance of hackers infiltrating a company’s Slack channels. Similar breaches have occurred in other organizations, such as MGM Resorts and Activision, showcasing the vulnerabilities of communication platforms like Slack to cyberattacks. These incidents underscore the importance of robust cybersecurity measures and ongoing vigilance to protect sensitive information from malicious actors.
As the investigation into the Disney data breach continues, cybersecurity experts and industry analysts are closely monitoring the situation to assess the potential impact on Disney’s operations and security posture. The repercussions of this breach could extend beyond financial losses to reputational damage and regulatory scrutiny, underscoring the need for organizations to prioritize cybersecurity defenses and incident response strategies to mitigate cyber risks.