Disney Data Breach: NullBulge Releases 1.1 Terabytes of Internal Files
A group known as “NullBulge” recently made headlines by releasing 1.1 terabytes of data, claiming it to be a dump of Disney’s internal Slack files. The leaked data reportedly includes a wide range of sensitive information, such as messages, code, images, and login credentials from nearly 10,000 channels.
Hacking Allegations and Data Origins
The hackers behind the breach have claimed that they obtained the data from insiders at Disney and have even named alleged collaborators. However, Disney has not confirmed the breach and has remained silent on the legality of the stolen material. The data was initially posted on BreachForums and has since been removed, but copies are still circulating on mirror sites.
Implications and Response
Roei Sherman, field chief technology officer at Mitiga Security, expressed little surprise at the breach, attributing it to the increasing threats of data theft from cloud and software-as-a-service platforms. The leaked data, according to Sherman, appears legitimate and contains URLs, employee conversations, and credentials.
NullBulge, the group responsible for the leak, describes itself as a hacktivist organization fighting for artists’ rights. They have a strict set of criteria for their targets, including those promoting cryptocurrencies, AI-generated artwork, and platforms that support artists. The group has previously targeted individuals and organizations they believe violate these criteria, including Disney.
Security researchers have warned about the vulnerability of corporate Slack accounts, as they can provide attackers with valuable information if compromised. With Disney now in the crosshairs of opportunistic threat actors, the company faces increased risks and challenges in securing its data and infrastructure.
