There are reports of a significant data breach at Disney, allegedly caused by hacktivist group NullBulge.
They claim to have successfully accessed the company's internal Slack communications. According to NullBulge, they claim to have obtained a massive 1.1 terabytes of data from around 10,000 channels in Disney's Slack workspace.
This includes messages, files, unreleased projects, raw images, source code, logins, and links to internal APIs and web pages.
There is a breach that has not been verified yet. It supposedly contains a full copy of the Slack communications used by Disney's development team.
If confirmed, this incident would be another example of a company being compromised through Slack, adding to the growing list of such incidents in recent years.
In late 2022, Rockstar Games encountered a breach that resulted in the unauthorized release of videos showcasing the much-anticipated game, GTA 6.
What’s Inside the Magic?
Our investigative team delve into the magic and interacted with individuals who were examining the breach.
They discovered files pertaining to Disney Kids games, complete packages of source code, and extensive text conversations.
According to one person: the volume of data is so immense that a thorough examination in one sitting is virtually impossible.
“So far, I see some interesting internal IT management info, patch management logs, physical server images. Curious what other ‘magic' lies within.” One user stated.
Based on the initial findings, it appears that this leak has the potential to cause significant harm to Disney.
“But even we have no clue of the full scope of what is in it; there is just that much there. Millions of lines of text conversations and over 2 million files. Just getting the torrent file made took a day, let alone sifting through it.” Another user mentioned
The data contains various types of information, such as internal IT management data, patch management logs, physical server images, and content related to Disney Streaming and Walt Disney World (WDW).
Revealing this sensitive information could potentially expose Disney's undisclosed movies and projects.
In addition, the threat actor behind this breach stated “I found a few ‘upload' files for some of the kids' games, full packages of the source code and HTML,” said the threat actor behind the breach.
Hacktivist group Nullbulge
NullBulge initially shared the leaked data on 4chan, but it was quickly taken down. Afterwards, the data was posted on BreachForums, a dark web forum notorious for hosting sensitive breaches and illegal online activities.
Forum hackers have been delving into the data and discovering source files, 3D models, and artwork connected to upcoming projects. The entire 1.1 terabytes of data will probably be split into smaller sections to make it more convenient to access.
It is still unclear how NullBulge managed to breach Disney's internal Slack. Legal data retention requirements from ongoing litigation can complicate Corporate Slack's security in large companies like Disney.
NullBulge has not provided a clear explanation of how they obtained such a large volume of data.
The origins of NullBulge are not easily explained. According to their official website, the group's mission is to safeguard artists' rights and promote fair compensation for their creative endeavors.
There are rumors circulating about a possible connection between NullBulge and the LockBit ransomware gang. It appears that NullBulge is utilizing the leaked builder from LockBit.
Disney's Struggles with Artists' Rights
Disney has been the subject of criticism and legal challenges in recent years regarding the issue of fair compensation for artists and writers.
It has been brought to attention by notable individuals such as Neil Gaiman that Disney is no longer providing royalties to certain writers and artists for their works, which include novelizations and graphic novels based on Disney-owned properties.
This problem has impacted numerous creators who have made significant contributions to well-known franchises like “Star Wars” and “Alien.”
This breach could worsen Disney's current problems. The company could potentially suffer from significant reputational damage and legal repercussions due to the exposure of unreleased projects and sensitive internal information.
Although the validity of NullBulge's statements has not been verified, the potential consequences of such a breach are significant.
The reported access to 1.1 terabytes of data, which includes sensitive and unreleased information, presents a significant risk to Disney's operations and reputation.