Ransomware

Disney Data Breached? Internal Slack Data Allegedly Leaked

Hacktivist group NullBulge claims to have breached Disney's internal Slack channels and stolen 1TB of data, potentially including details on unreleased projects and employee information.

by Krishna Murthy July 15, 2024

Share on LinkedInShare on Twitter

A hacktivist group claims to have hacked into renowned entertainment company Disney’s internal Slack channels and stolen about more than a terabyte of data.

The Disney data breach was allegedly orchestrated by a group that identifies itself as “NullBulge.” According to the threat actor, it exfiltrated 1.1 TB of files and chat messages from 10,000 Slack channels, including those used by the company’s developers.

“Anything we could get our hands on, we downloaded and packaged up. Want to see what goes on behind the doors? Go grab it,” the group wrote in a post on X (formerly twitter).

Source: X

Disney Data Breach in Detail

On July 12, 2024, threat actor “NullBulge” wrote a post on data leak marketplace Breachforums that claimed that the group breached details of Disney’s unannounced projects, raw images and code, some login credentials, link to internal API and webpages, and other miscellaneous data.

The leak purportedly contains contents from Slack chats, such as various files of the employees, screenshots, pictures of the employees’ pets, and phone numbers, among other details posted on Slack.

In their blog post, the attackers stated that they had a mole in Disney, an employee who assisted them in the malicious data leak. However, they claimed that this collaborator consequently refused to supply them with more data.

“We tried to hold off until we got deeper in, but our inside man got cold feet and kicked us out!” read the blog post.

Disney Yet to React to Data Breach Claims

Disclosure of internal chats is dangerous for not just Disney but for every other firm. This provides access to sensitive information for hackers who can potentially exploit vital communication resources, and threaten to release damaging information.

The Cyber Express has reached out to Disney to learn more about this cyberattack and the authenticity of the claims made by the threat actor. However, at publication time, no official statement or response has been received, leaving the claims for the Disney data breach unverified.

Even though Disney hasn’t reacted to the leak yet, if the attackers’ statements are to be believed, then the stolen information would be highly beneficial to fraudsters. For example, hackers often look for victims that have the most potential for supply chain attacks. Leaked company information would let a malicious actor more easily enter the company’s network.

And hackers love to showcase their prowess by sending crude messages to organizations through their internal base, such as Slack channels.

According to a report making the rounds online, the Disney Data Breach has revealed that the company could release a sequel to the 2021 game Aliens: Fireteam Elite. The sequel was codenamed Project Macondo and is scheduled for Q3 2025, although that plan might have changed.

The documents describe a new mode called Annihilation, which is a ‘new spin on Horde Mode with a variety of objectives and encounters.’

The project’s scope is also outlined, suggesting the documents are a pitch or from early in development. It describes having an ‘ideal scope’ of 12 hours of gameplay in the Campaign mode, and one map for Annihilation.

Disney Hack Not the First Instance of Slack Access Breach

This is not the first instance of hackers gaining access to slack channels of a company. Last year, a threat actor initiated a chat to carry out a malware attack on renowned global casino and resort powerhouse MGM Resorts. The bad actors spied on employees and obtained more data.

In December 2022, video game publishing company Activision also was hacked, in which the attackers got into the corporate Slack and the game release schedule.

A culprit in 2022 managed to penetrate Uber’s cyber security and proceeded to leave a message on the company’s Slack forums, apparently in a protest of the company’s payout policy to drivers.

Source

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button