Disney investigates internal data leak

A hacker allegedly obtained and leaked over one terabyte of data from Disney’s internal Slack channel.

 

What happened

Disney is investigating a data leak of the company’s internal Slack channels. The attack was claimed by an organization called “NullBulge,” which claims to focus on “protecting artists’ rights and ensuring fair compensation for their work.” The organization, which claims to be Russian-based, considers its members “hacktivists,” meaning their attacks are politically motivated.

The attack occurred in mid-July, although the specific timing is unknown. Allegedly, NullBulge was able to access Disney’s internal Slack archive, including messages and files from approximately 10,000 channels. Information may have included unreleased projects, code, images, login credentials, and links to internal websites and APIs. Data stretched as far back as 2019. 

 

Going deeper

According to Wired, the data was published to an online forum, BreachForums, on July 11th. The data was soon taken offline, but can now be found on other sites.

The hackers claim to have accessed the Slack channel through a Disney insider and even named the individual, but Disney has not confirmed the allegations. Hackers may have accessed Slack through other means, like compromising an employee account. The hacker group released personally identifying information about the alleged collaborator, claiming it was retaliation for losing access.

In an email, the hacker group said, “Disney was our target due to how it handles artist contracts, its approach to AI, and its pretty blatant disregard for the consumer.” 

Currently, Disney says it is “investigating this matter” but has remained tight-lipped regarding its process.

 

What’s next

As Disney continues the investigation, it will become clearer how the attack occurred and whether it was an insider threat or the result of malware.

Some experts, like Roei Sherman from Mitiga Security, believe this attack could open Disney up to more problems. “Disney will probably be targeted a lot more now by opportunistic threat actors,” he said. 

According to an analysis from Google and Mandiant, hacktivism attacks are on the rise and often inspired by global events. While hacktivist efforts are increasingly sophisticated and can result in privacy issues for organizations, their effectiveness has been widely debated. It’s currently unclear if Disney will respond to any of the demands or consider the data lost.

 

The big picture

For organizations using Slack, the attack is a reminder that the communication channel can hold significant amounts of valuable information.

While Slack offers multi-factor authentication, the organization has been hacked several times before, impacting organizations like Uber and Twitter. 

As the company investigates and recovers from the breach, it may consider other communication methods, like email, that could be more secure. 
