A group of hacktivists claims to have breached the IT systems of Disney, and stolen a gigantic 1.1 terabytes worth of data from the entertainment giant's internal Slack messaging channels.
The hacking group, which calls itself NullBulge, posted on an underground hacking forum that it had hoped to postpone announcing the breach until it had accessed more information, "but our insider man got cold feet and kicked us out."
If the hackers are to be believed, the information exposed was taken from almost 10,000 Slack channels and includes details of internal projects, as well as messages, files, code, social security numbers, login credentials, and personal photographs. There are understandably concerns that the exfiltrated data could potentially be exploited for the purposes of further cyber attacks.
NullBulge is a little-known group of hacktivists that claims to be motivated by "protecting artists' rights and ensuring fair compensation for their work."
Last month, NullBulge reportedly uploaded malicious Stable Diffusion extentsions to GitHub to allegedly protest how AI was stealing from real-life artists.
Disney has perhaps caught the attention of NullBulge because it has in the past been the focus of criticism for failing to pay outstanding royalties to writers who worked on properties the company now owns - including Star Wars, Alien, and Buffy the Vampire Slayer.
Whatever the motivation, the claim is that confidential communications and sensitive information have been stolen from Disney and leaked on the internet. Disney will understandably be concerned about the possible ramifications for their future business plans, and what impact the breach might have on its relationships with partners.
As we have discussed before, other entertainment companies have found themselves in the targets of hackers who have shown no qualms about sharing stolen secrets or even publishing videos of as-yet-unreleased video games.
At the time of writing, Disney has not confirmed that NullBulge's claims are true. However, if they are found to be true, and if the perpetrators are identified, it would not be a surprise to learn that the infamously litigious Disney uses every legal avenue available to it to make an example of those who dared to hack the House of Mouse.
tags
Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s.
View all postsNovember 14, 2024
September 06, 2024