Disney Hacked Overnight, 1.1 TB Worth of Data Compromised

Dead2009

Horror Movie Guru
Original Poster

There are rumblings online that Disney has been hacked, with 1.1TB of data allegedly compromised.

A group called "Nullbulge" claims to have gained access to the company's internal Slack, with the data they've acquired including information on unreleased projects, never-before-seen concept art, and various login and persona details.

Disney has yet to comment on the supposed hack and none of this content has been released online...yet. Presumably, Disney will be asked to pay for the hacked data and, if they refuse, it will be shared online for the world to see.

That could mean we'll soon have a lot of inside information about the House of Mouse's movie slate, potentially extending to Marvel Studios and Lucasfilm's offerings.

In 2022, Rockstar Games was also breached via Slack, leading to 90 videos of Grand Theft Auto VI being leaked online (including development data which put its release at risk). Insomniac Games was hacked last year, with the result being that the company's upcoming slate and intel on scrapped projects - including Spider-Man Online - was in the wild for all to see.

Disney may be looking to distract from this news by confirming today that Marvel Studios will host a 1-hour Hall H panel at the San Diego Comic-Con on Saturday, July 27 from 6pm - 7pm.

That's a shorter-than-usual panel but enough to give us an updated slate and the odd trailer or two.

Surprisingly, this won't be the first panel we see Marvel Studios President Kevin Feige on. On Friday, he'll take the stage in Room 6DE to discuss comics with Marvel Comics editor-in-chief C.B. Cebulski.
 

Hollywood 1939

Well-Known Member
The data is out there already. I’d be curious if any discussion relating to theme park projects was in there. But goodness it’s huge
 

monothingie

Nakatomi Plaza Christmas Eve 1988. Never Forget.
Premium Member
Yawn, it's not like there's going to be anything juicy there since we all know Disney has no plan forward.
 

DCBaker

Premium Member
New article from the Wall Street Journal:

Data from Disney’s internal Slack workplace collaboration system have been leaked online, including discussions about ad campaigns, studio technology and interview candidates, according to files viewed by The Wall Street Journal.

An anonymous hacking group that calls itself Nullbulge said in a blog post that it published data from thousands of Slack channels at the entertainment company, including computer code and details about unreleased projects. Slack is widely used within large companies for group communications about strategic initiatives.

The group’s claims about the scope of documents taken and how it obtained them couldn’t immediately be verified. Material viewed by the Journal includes conversations about maintaining Disney’s corporate website, software development, assessments of candidates for employment, programs for emerging leaders within ESPN and photos of employees’ dogs, with data stretching back to at least 2019.

“Disney is investigating this matter,” a spokesman said.

The entertainment giant’s businesses span movies, streaming services Disney+ and Hulu, theme parks, cable TV and sports giant ESPN. It is home to popular franchises including Marvel and Star Wars.

In recent weeks, Nullbulge posted screenshots of documents online that it claimed to have obtained from the company’s Slack channels. Nullbulge said they were excerpts of project descriptions and plans, as well as visit, booking and revenue data from Disneyland Paris.

Nullbulge bills itself as a hacktivist group that advocates for artist rights and chooses its targets based on a set of social, economic or political values. A spokesperson for the group said via an online message that it targeted Disney “due to how it handles artist contracts, its approach to AI, and it’s [sic] pretty blatant disregard for the consumer.”

Those comments hit on ideological rifts emerging in the entertainment industry as advancements in artificial intelligence accelerate. Some artists and activists fear creative work has been scraped from the internet without compensation by large technology companies that use it to power new chatbots and other tools that generate text, image and video responses to user queries. Several tech companies have claimed that scraping the public internet is fair use of work posted there.

Nullbulge released the data because it said it believed that making demands of Disney would be ineffective, the spokesperson said. “If we said ‘Hello Disney, we have all your slack data’ they would instantly lock down and try to take us out. In a duel, you better fire first,” the spokesperson said.

Nullbulge began claiming in May to have accessed Disney’s computer systems, according to Eric Parker, a security researcher who has been following the group’s online activities. He thinks the hacking group is actually a single person. “He’s not doing it for money,” Parker said. “I think this is an attention seeking exercise.”

The hacking group has previously distributed malicious software by hiding it inside free add-ons for videogames and AI-powered image-generation software, security researchers say, a tactic known as a Trojan horse.

The group said that it accessed the information through a Disney manager of software development, whose computer they compromised twice—once using a videogame add-on, and a second time using an undisclosed method. It wasn’t immediately clear how widespread the group’s access to Disney’s Slack system was.

The group in the past has stolen personal information and online credentials and then published them online, including the private information of the Disney employee. The employee didn’t respond to requests for comment.

The public disclosure of company internal messages, code and documents can be highly disruptive to companies and risks undermining their commercial objectives. In 2014, hackers linked to North Korea sent Sony Pictures into chaos, damaging internal systems and publicly releasing email messages, including embarrassing exchanges involving Sony’s co-chairman Amy Pascal, who stepped down months after the incident.

 

MisterPenguin

President of Animal Kingdom
Premium Member
Disney is now facing a class action lawsuit from the limited number of employees (DCL crew specifically) affected by the breach.


Good luck proving systemic gross negligence. Also, good luck not getting tossed because there is no damage that they can point to.

"We want Disney to reimburse us for the damages we incurred."

"What damages exactly."

"Private information made public."

"Yeah, but how did that disclosure cause you damage."

"We don't have anything to point to."

"That's 'zero' then. And that's what we award you: nothing."
 

Register on WDWMAGIC. This sidebar will go away, and you'll see fewer ads.

Back
Top Bottom