Disney is currently conducting an investigation into a hack that targeted the entertainment company’s internal Slack channels. The hacker group known as Nullbulge has claimed responsibility for the breach, stating that they have accessed and leaked over 1 terabyte of data from Disney’s internal Slack channels. The group describes themselves as “hacktivists” who aim to protect artists’ rights and ensure fair compensation for their work.
In their latest blog post, Nullbulge shared screenshots of documents they allegedly downloaded, revealing sensitive information such as traffic and revenue data for Disneyland Paris and a new streaming feature that would recommend Disney content based on viewers’ previous preferences. The group has threatened to release the entire haul of data online, which reportedly includes details about unreleased projects, raw images, and computer code.
According to an email sent to Variety, Nullbulge claimed to have gained access through a user with slack access who had cookies. The group states that the user was aware of their presence and attempted to remove them once, but they were able to re-enter before being kicked out again. The hackers claim to be based in Russia and explained their motivation for targeting Disney, citing concerns about the company’s handling of artist contracts, approach to AI, and disregard for consumers.
The Wall Street Journal, which originally reported on the hack, was able to view some of the leaked files, including discussions about maintaining Disney’s corporate website, software development, candidate assessments, leadership programs within ESPN, and even photos of employees’ dogs dating back to 2019. A Disney spokesman confirmed that the company is currently investigating the matter.
This incident may bring back memories of a similar hack that targeted Sony Pictures a decade ago, considered to be one of the most significant corporate data breaches in U.S. history. The Sony hack resulted in the leak of years’ worth of emails, leading to chaos within the entertainment industry. Notable figures like producer Amy Pascal stepped down from their positions, and private communications discussing celebrities and political figures were made public. The studio faced severe disruptions in their operations, relying on manual processes for tasks like payroll due to the extent of the breach.
With Disney’s diverse range of businesses, including film and television studios, streaming services, cable networks, theme parks, and more, the potential fallout from this hack could have far-reaching consequences. As the investigation into the breach continues, the entertainment giant will likely be implementing heightened security measures to prevent future incidents.
It is essential for companies like Disney to prioritize cybersecurity and safeguard their sensitive data to protect both their business operations and the privacy of their employees and customers. As the digital landscape evolves, the threat of cyber attacks remains a constant challenge that organizations must actively address and mitigate to maintain trust and security in an increasingly interconnected world.
Jennifer Maas contributed to this report.