An activist hacking group has made claims that they have leaked a substantial amount of Disney’s internal messaging channels, revealing information about unreleased projects, raw images, computer codes, and some logins. The group, known as Nullbulge, took responsibility for the breach and stated that they had leaked approximately 1.2 terabytes of data from Disney’s Slack, a communication software. In an email sent to CNN on Monday, the group asserted that they were able to gain access through a person with Slack privileges who had cookies. Additionally, the group claimed to be based in Russia.
According to the email, the individual with Slack access was initially aware of the breach but failed to prevent the group from reentering the system. CNN was unable to independently verify these claims. In response to the alleged breach, Disney released a statement on Monday indicating that they are investigating the matter. Disney, with its vast entertainment empire spanning across multiple divisions and companies such as ESPN, Hulu, Disney+, and ABC News, is now facing the repercussions of this cyber attack.
The hackers behind Nullbulge stated that their primary motivation was to advocate for artists’ rights and fair compensation for their work, especially in the era of artificial intelligence. They criticized Disney for its handling of artist contracts, approach to AI, and alleged disregard for consumers. Nullbulge had foreshadowed the data leak on social media in the weeks leading up to the breach. For instance, in June, they posted data related to visitor statistics, bookings, and revenue at Disneyland Paris.
Artificial intelligence emerged as a contentious issue during recent strikes by the Screen Actors Guild and the Writers Guild of America. Writers expressed concerns that AI technology like ChatGPT could potentially replace them in scriptwriting, while actors feared that computer-generated imagery (CGI) might entirely supplant their roles. The hackers justified their data leak by claiming that making demands of Disney would have been futile, as the company would likely respond by tightening security measures.
In a cautionary reference to a previous incident, the hackers mentioned the 2014 megahack at Sony Pictures, which was linked to North Korea and resulted in the exposure of sensitive information such as emails from executives, celebrity aliases, social security numbers, and complete movie scripts. The group’s decision to leak Disney’s internal data underscores the growing threat of cyber attacks on major companies and the need for improved cybersecurity measures across all industries. Disney’s response to this breach will likely involve enhanced security protocols and additional safeguards to prevent similar incidents in the future.