It’s been months since hacking group Nullbulge stole over a terabite of data from Disney via the company’s internal Slack server. Repercussions are still being felt within the company, and employees have just been notified that a major shift is coming to Disney’s internal communications processes. CNBC has reported that Disney Chief Financial Officer Hugh Johnston has sent a memo to the company, informing staff that most of the company’s business units will be moving away from Slack. According to CNBC, Disney is already transitioning to internal “streamlined enterprise-wide collaboration tools,” and that Slack will be a thing of the past by the end of the company’s next fiscal quarter.
The following was originally published July 16, 2024:
UPDATE: Since this article was originally published, the first pieces of stolen data have begun to leak online, which, according to The Wall Street Journal, includes “conversations about maintaining Disney’s corporate website, software development, assessments of candidates for employment, programs for emerging leaders within ESPN and photos of employees’ dogs, with data stretching back to at least 2019.”
Both Disney and Nullbulge have now commented regarding the data breach. A spokesperson for Disney did all but confirm the breach, simply commenting “Disney is investigating this matter.” The hacker group claiming responsibility, Nullbulge, claims that its goal is “protecting artists’ rights and ensuring fair compensation for their work.” In a statement to The Wall Street Journal, Nullbulge says they targeted Disney “due to how it handles artist contracts, its approach to AI, and it’s [sic] pretty blatant disregard for the consumer.”
The following was originally published July 15, 2024:
Reports emerged over the weekend that over 1TB of data has been stolen from The Walt Disney Company. A hacker group known as “Nullbulge” has reportedly claimed responsibility, stating that they were able to access Disney’s internal Slack server to compromise 1.1TB of data, including concept art, information on unreleased projects, employee login credentials, and more. As Disney’s various branches concurrently work on a countless number of projects, the stolen data could prove damaging to the company. As Disney owns Marvel, the future timeline of Marvel Cinematic Universe movies is a highly-protected piece of information that could have possibly been accessed. At press time, one stolen piece of data, relating to the upcoming Aliens Fireteam Elite 2 video game, has leaked online.
UPDATE: Second wave of Roku account hacks affects 576,000
Disney has yet to comment on the alleged data breach, and this story will be updated if/when the company makes a statement. This would not be the first time a major entertainment company has been hacked in recent years, with Rockstar Games suffering a hack, notably also via Slack, in late 2022. The damages of the Rockstar hack were estimated to be around $5 million, as major assets for the hugely anticipated Grand Theft Auto 6 were compromised in the hack. As The Walt Disney Company is a colossal corporation, the scale and scope of compromised data has yet to be seen, but could be comparable or far worse.
