A group calling itself “NullBulge” published a 1.1-terabyte trove of data late last week that it claims is a dump of Disney’s internal Slack archive. The data allegedly includes every message and file from nearly 10,000 channels, including unreleased projects, code, images, login credentials, and links to internal websites and APIs.
The hackers claim they got access to the data from a Disney insider and named the alleged collaborator. A person with that name who lists Disney as their current employer did not return WIRED’s request for comment. Disney did not confirm the breach or return multiple requests for comment about the legitimacy of the stolen data. A Disney spokesperson told the Wall Street Journal that the company “is investigating this matter.”
The data, which appears to have been first published Thursday, was posted on BreachForums and later taken down, but it is still live on mirror sites.
Roei Sherman, field CTO at Mitiga Security, says he isn’t surprised that a giant like Disney could have a breach of this scale and significance. “Companies are getting breached all the time, especially theft from the cloud and software-as-a-service platforms,” he says. “It is just easier for attackers and holds bigger rewards.”
Sherman, who reviewed the data, added that, “all of it looks legit. A lot of URLs, conversations of employees, some credentials and other content.”
The NullBulge site says that it is a “hacktivist group protecting artists’ rights and ensuring fair compensation for their work.” The group claims it only hacks targets that violate one of three “sins.” First: “We do not condone any form of promoting crypto currencies or crypto related products/services.” Second: “We believe AI-generated artwork harms the creative industry and should be discouraged.” And third: “Any theft from Patreons, other supportive artist platforms, or artists in general.”
The group’s “Wall of Knowledge,” where it lists its dumps, summarizes the philosophy: “What better way to punish someone than getting them in trouble eh?” Previously, the group targeted the Indian content creator “Chief Shifter” with a “First Shaming.” Then in May NullBulge posted a “Second Punch” and teased the Disney breach. “Here is one I never thought I would get this quickly … Disney. Yes, that Disney,” NullBulge wrote, suggesting that the group may be a single person. “The attack has only just started, but we have some good shit. To show we are serious, here is 2 files from inside.”
In addition to the alleged Slack data, NullBulge also posted what appears to be detailed information about the individual who was seemingly providing the insider access and data. The data includes medical records and other personally identifying information, plus the alleged contents of the alleged Disney employee’s 1Password password manager. NullBulge seemingly doxxed the individual in retaliation for cutting off communication and access.
Security researchers have long warned about corporate Slack accounts as a treasure trove for attackers if compromised. The popular team communication platform is owned by Salesforce and is used by an array of prominent organizations, including IBM, Capital One bank, Uber, and Disney rival Paramount.
“Disney will probably be targeted a lot more now by opportunistic threat actors,” Sherman warns.


