Disney has confirmed it is investigating an apparent leak of internal messages by a hacking group, which claims it is "protecting artists' rights".
The group, Nullbulge, said it had gained access to thousands of communications from Disney employees and had downloaded "every file possible".
The anonymous group calling itself Nullbulge has claimed responsibility for the leak, alleging to have gained access to the company’s Slack messaging data via the compromised computer of a Disney employee. “Anything we could get our hands on, we downloaded and packaged up,” the group said on X, claiming to have obtained “1.1TiB of files and chat messages” from almost 10,000 corporate Disney Slack channels. Disney has since confirmed to The Wall Street Journal that it’s “investigating this matter.”
The Wall Street Journal, which first reported this story, has viewed a number of the files allegedly obtained and leaked by Nullbulge, which included “conversations about maintaining Disney’s corporate website, software development, assessments of candidates for employment, programs for emerging leaders within ESPN and photos of employees’ dogs, with data stretching back to at least 2019.”
Nullbulge alluded to possessing the stolen data on July 12th, hours prior to leaking Disney’s Slack archive.
Roei Sherman, field CTO at Mitiga Security, says he isn't surprised that a giant like Disney could have a breach of this scale and significance.
“Companies are getting breached all the time, especially data theft from the cloud and software-as-a-service platforms,”
he says.
“It is just easier for attackers and holds bigger rewards."
Sherman, who reviewed the data in the leak, added that “all of it looks legit—a lot of URLs, conversations of employees, some credentials, and other content.”
Comments