A hacktivist group claims to have hacked into renowned entertainment company Disney’s internal Slack channels and stolen about more than a terabyte of data.
The Disney data breach was allegedly orchestrated by a group that identifies itself as “NullBulge.” According to the threat actor, it exfiltrated 1.1 TB of files and chat messages from 10,000 Slack channels, including those used by the company’s developers.
“Anything we could get our hands on, we downloaded and packaged up. Want to see what goes on behind the doors? Go grab it,” the group wrote in a post on X (formerly twitter).
Disney Data Breach in Detail
On July 12, 2024, threat actor “NullBulge” wrote a post on data leak marketplace Breachforums that claimed that the group breached details of Disney’s unannounced projects, raw images and code, some login credentials, link to internal API and webpages, and other miscellaneous data.
The leak purportedly contains contents from Slack chats, such as various files of the employees, screenshots, pictures of the employees’ pets, and phone numbers, among other details posted on Slack.
In their blog post, the attackers stated that they had a mole in Disney, an employee who assisted them in the malicious data leak. However, they claimed that this collaborator consequently refused to supply them with more data.
“We tried to hold off until we got deeper in, but our inside man got cold feet and kicked us out!” read the blog post.
Disney Yet to React to Data Breach Claims
Disclosure of internal chats is dangerous for not just Disney but for every other firm. This provides access to sensitive information for hackers who can potentially exploit vital communication resources, and threaten to release damaging information.
The Cyber Express has reached out to Disney to learn more about this cyberattack and the authenticity of the claims made by the threat actor. However, at publication time, no official statement or response has been received, leaving the claims for the Disney data breach unverified.
Even though Disney hasn’t reacted to the leak yet, if the attackers’ statements are to be believed, then the stolen information would be highly beneficial to fraudsters. For example, hackers often look for victims that have the most potential for supply chain attacks. Leaked company information would let a malicious actor more easily enter the company’s network.
And hackers love to showcase their prowess by sending crude messages to organizations through their internal base, such as Slack channels.
According to a report making the rounds online, the Disney Data Breach has revealed that the company could release a sequel to the 2021 game Aliens: Fireteam Elite. The sequel was codenamed Project Macondo and is scheduled for Q3 2025, although that plan might have changed.
The documents describe a new mode called Annihilation, which is a ‘new spin on Horde Mode with a variety of objectives and encounters.’
The project’s scope is also outlined, suggesting the documents are a pitch or from early in development. It describes having an ‘ideal scope’ of 12 hours of gameplay in the Campaign mode, and one map for Annihilation.
Disney Hack Not the First Instance of Slack Access Breach
This is not the first instance of hackers gaining access to slack channels of a company. Last year, a threat actor initiated a chat to carry out a malware attack on renowned global casino and resort powerhouse MGM Resorts. The bad actors spied on employees and obtained more data.
In December 2022, video game publishing company Activision also was hacked, in which the attackers got into the corporate Slack and the game release schedule.
A culprit in 2022 managed to penetrate Uber’s cyber security and proceeded to leave a message on the company’s Slack forums, apparently in a protest of the company’s payout policy to drivers.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
