Ryan Mitchell Kramer, 25, has plead guilty to hacking the computer of a Disney employee and ultimately releasing 1.1TB of data from the company’s Slack channels and other internal information. Kramer admitted that he had published an open-source version of an AI-image generator online which included malware that would grant him access to any computer that downloaded it. It was this method that granted him access to Disney’s classified information.
After downloading the information, the California resident pretended to be a member of a fake Russian ransomware group, threatening to release the stolen information. When the Disney employee did not respond, Kramer leaked the data on July 12, 2024. In his plea deal, Kramer admitted to running the same ransomware scheme on two additional individuals.
Former Disney World employee sentenced for hacking park menus
The following was originally published September 24, 2024:
It’s been months since hacking group Nullbulge stole over a terabite of data from Disney via the company’s internal Slack server. Repercussions are still being felt within the company, and employees have just been notified that a major shift is coming to Disney’s internal communications processes. CNBC has reported that Disney Chief Financial Officer Hugh Johnston has sent a memo to the company, informing staff that most of the company’s business units will be moving away from Slack. According to CNBC, Disney is already transitioning to internal “streamlined enterprise-wide collaboration tools,” and that Slack will be a thing of the past by the end of the company’s next fiscal quarter.
The following was originally published July 16, 2024:
UPDATE: Since this article was originally published, the first pieces of stolen data have begun to leak online, which, according to The Wall Street Journal, includes “conversations about maintaining Disney’s corporate website, software development, assessments of candidates for employment, programs for emerging leaders within ESPN and photos of employees’ dogs, with data stretching back to at least 2019.”
Both Disney and Nullbulge have now commented regarding the data breach. A spokesperson for Disney did all but confirm the breach, simply commenting “Disney is investigating this matter.” The hacker group claiming responsibility, Nullbulge, claims that its goal is “protecting artists’ rights and ensuring fair compensation for their work.” In a statement to The Wall Street Journal, Nullbulge says they targeted Disney “due to how it handles artist contracts, its approach to AI, and it’s [sic] pretty blatant disregard for the consumer.”
The following was originally published July 15, 2024:
Reports emerged over the weekend that over 1TB of data has been stolen from The Walt Disney Company. A hacker group known as “Nullbulge” has reportedly claimed responsibility, stating that they were able to access Disney’s internal Slack server to compromise 1.1TB of data, including concept art, information on unreleased projects, employee login credentials, and more. As Disney’s various branches concurrently work on a countless number of projects, the stolen data could prove damaging to the company. As Disney owns Marvel, the future timeline of Marvel Cinematic Universe movies is a highly-protected piece of information that could have possibly been accessed. At press time, one stolen piece of data, relating to the upcoming Aliens Fireteam Elite 2 video game, has leaked online.
UPDATE: Second wave of Roku account hacks affects 576,000
Disney has yet to comment on the alleged data breach, and this story will be updated if/when the company makes a statement. This would not be the first time a major entertainment company has been hacked in recent years, with Rockstar Games suffering a hack, notably also via Slack, in late 2022. The damages of the Rockstar hack were estimated to be around $5 million, as major assets for the hugely anticipated Grand Theft Auto 6 were compromised in the hack. As The Walt Disney Company is a colossal corporation, the scale and scope of compromised data has yet to be seen, but could be comparable or far worse.
