In a significant data breach, hacktivist group NullBulge has infiltrated Disney’s internal Slack infrastructure, leaking 1.2TB of sensitive data. This breach, posted on the cybercrime platform Breach Forums on July 12, 2024, exposes many of Disney’s internal communications, compromising messages, files, code, and other proprietary information.
NullBulge, a self-proclaimed group of hacktivists, announced their exploit on both Breach Forums and Twitter. Their message on Breach Forums read: “1.1TiB of data. Almost 10,000 channels, every message and file possible, dumped. Unreleased projects, raw images and code, some logins, links to internal API/web pages, and more! Have fun sifting through it, there is a lot there.”
On Twitter, NullBulge further taunted Disney, stating, “Disney has had their entire dev Slack dumped. 1.1 TiB of files and chat messages. Anything we could get our hands on, we downloaded and packaged up. Want to see what goes on behind the doors? Go grab it.” This public declaration reveals the hackers’ audacity and highlights their motive to expose what they perceive as corporate wrongdoing.
NullBulge’s official website claims their mission is to protect artists’ rights and ensure fair compensation. This attack aligns with ongoing controversies surrounding Disney’s compensation practices. Prominent authors like Alan Dean Foster have previously accused Disney of withholding royalties for works under franchises such as “Star Wars” and “Alien.” These accusations have drawn attention from organizations like the Science Fiction & Fantasy Writers of America (SFWA), which have campaigned for fair treatment of creators.
NullBulge’s message implies they aim to spotlight Disney’s internal workings, possibly to pressure the company to address these grievances.
Stack Diary was able to see snippets of the data provided to us by an anonymous source. Based on the data we have seen, the leak exposes a wide array of Disney’s operations, from project details to financial data, email exchanges saved as documents, and more.
One document we saw, an email exchange between employees, was dated “Thursday, April 11, 2024”, but we can’t say with certainty when the perpetrator last accessed this data. We saw a tree format of hundreds of PDF and Excel documents, including documentation that showcases the internal network structure for Disney operations.
Based on what our source showed us, we can say that, at the very least, over 50,000 various images were included in the leak. These images, uploaded as part of everyday communications through Slack, range from simple issues Disney employees have had with the Disney corporate management platform to more sensitive information, such as work-in-progress project details, receipts, internal communications, and developer-oriented data, such as login URLs, API endpoints, project source code, system logs, and more.
Some leaked files include employee information, including names and surnames, email addresses, photos, and, in some cases, home addresses. The communications and uploaded files include financial data such as ad spend and budgets for Disney and Hulu, a Disney+ streaming service.
We also understand that this leak includes proprietary data, project plans (physical and digital), and discussions about various ongoing projects. The discussions are distributed through individual .json files for each channel Disney has in Slack, of which there are thousands. That said, we’re at no liberty to discuss anything specific. Considering that the database has been leaked freely, including for those who aren’t on the dark web – it is only a matter of time before this leak gets dissected and explored to its full extent.
On July 15, a Disney spokesperson told the Wall Street Journal that the company is “looking into the matter.”
In other news, on the same day NullBulge made the database public, AT&T announced a breach involving call records and text message logs affecting over 110 million Americans. Similarly, Ticketmaster is grappling with a data breach involving 560 million users, which they have acknowledged and begun to notify their users about.
The article was updated on 7/16/24 at 9:36 GMT to mention that Disney has partially acknowledged the breach.
