Disney Data Breach: NullBulge Releases 1.1 Terabytes of Internal Slack Files
A group referring to itself as “NullBulge” recently made headlines after releasing 1.1 terabytes of data, claiming it to be a dump of Disney’s internal Slack files. The leaked data reportedly contains messages and files from nearly 10,000 channels, including sensitive information such as unpublished projects, code, images, login credentials, and links to internal websites and APIs.
Alleged Disney Data Breach and Response
NullBulge hackers stated that they acquired the data from Disney insiders, naming alleged collaborators. Disney has not confirmed the breach and has not commented on the legality of the stolen material. The company mentioned that it is currently investigating the matter, as reported by the Wall Street Journal.
Despite the initial post on BreachForums being removed, the data is still accessible on mirror sites.
Implications of the Data Leak
Roei Sherman, the field chief technology officer at Mitiga Security, expressed his lack of surprise at a company of Disney’s caliber experiencing such a significant breach. He highlighted the prevalence of data theft from cloud and software-as-a-service platforms, emphasizing the attractiveness of such targets to cyber attackers.
Sherman, who examined the leaked data, confirmed its authenticity, noting the presence of various URLs, employee conversations, credentials, and other sensitive information.
NullBulge’s actions have raised concerns about the security of corporate Slack accounts, serving as a stark reminder of the potential risks associated with compromised communication platforms.
NullBulge’s Motives and Targets
NullBulge identifies as a “hacktivist organization” advocating for artist rights and fair compensation. The group cites three “crimes” that justify their attacks, including opposition to cryptocurrency promotion, AI-generated artwork, and theft from artists.
Previous targets of NullBulge include individuals and entities deemed to be in violation of their principles, with Disney being the latest subject of their data release. The group’s actions underscore their commitment to holding accountable those they perceive as transgressors.
As security experts caution about the increased vulnerability of high-profile organizations like Disney to opportunistic threat actors, the aftermath of the data breach prompts a reevaluation of data security measures across industries.
