The Walt Disney Company is cutting ties with workplace communications platform Slack following a massive hack earlier this year that exposed sensitive company information. The decision comes amid growing concerns about Disney’s cybersecurity posture in the wake of the breach orchestrated by hacktivist group “NullBulge.”
According to reports, Disney’s Chief Financial Officer, Hugh Johnston, confirmed that most of the entertainment giant’s divisions will be phasing out Slack by the end of the year. In an email to staff, Johnston stated, “Our technology teams are now managing the transition off Slack by the end of Q1 FY25 for most businesses.” While some more complex use cases may require additional time, the migration is expected to be completed by the second quarter of 2025.
Many teams at Disney have already begun transitioning to alternative collaboration tools, although the specifics of the new system have not been disclosed. Competitors to Slack include Microsoft Teams, Google Chat, Webex Suite, Workplace, Mattermost, RingEX, Filestage, and Symphony.
The decision to part ways with Slack stems from a data breach in July 2024, where threat actor “NullBulge” claimed to have obtained over 44 million messages from Disney’s Slack workspace. The breach exposed details of unannounced projects, raw images, code, login credentials, internal API links, and other data.
The attackers also revealed contents from Slack chats, including employee files, screenshots, pictures of pets, and phone numbers. They claimed to have had a mole within Disney who assisted in the breach but later refused to provide further data. The leaked information hinted at a possible sequel to the game Aliens: Fireteam Elite, codenamed Project Macondo, slated for release in Q3 2025.
Disney’s announcement of severing ties with Slack comes after an investigation into an unauthorized release of data earlier this year. The company is not the only victim of Slack hacks, as previous incidents have affected companies like MGM Resorts, Activision, and Uber, highlighting the vulnerabilities of the platform to cyber attacks.
The Disney data breach serves as a reminder of the evolving cyber threat landscape and the importance of vetting and monitoring third-party vendors’ cybersecurity practices. It is crucial for organizations to ensure that their vendors meet security standards to mitigate the risk of data breaches and cyber attacks. As Disney transitions away from Slack, the focus on cybersecurity preparedness and resilience becomes more critical in safeguarding sensitive information and maintaining trust with stakeholders.