Data from Disney’s internal Slack workplace collaboration system have been leaked online, including discussions about ad campaigns, studio technology and interview candidates, according to files viewed by The Wall Street Journal.
An anonymous hacking group that calls itself Nullbulge said in a blog post that it published data from thousands of Slack channels at the entertainment company, including computer code and details about unreleased projects. Slack is widely used within large companies for group communications about strategic initiatives.
The group’s claims about the scope of documents taken and how it obtained them couldn’t immediately be verified. Material viewed by the Journal includes conversations about maintaining Disney’s corporate website, software development, assessments of candidates for employment, programs for emerging leaders within ESPN and photos of employees’ dogs, with data stretching back to at least 2019.
“Disney is investigating this matter,” a spokesman said.
The entertainment giant’s businesses span movies, streaming services Disney+ and Hulu, theme parks, cable TV and sports giant ESPN. It is home to popular franchises including Marvel and Star Wars.
In recent weeks, Nullbulge posted screenshots of documents online that it claimed to have obtained from the company’s Slack channels. Nullbulge said they were excerpts of project descriptions and plans, as well as visit, booking and revenue data from Disneyland Paris.
Nullbulge bills itself as a hacktivist group that advocates for artist rights and chooses its targets based on a set of social, economic or political values. A spokesperson for the group said via an online message that it targeted Disney “due to how it handles artist contracts, its approach to AI, and it’s [sic] pretty blatant disregard for the consumer.”
Those comments hit on ideological rifts emerging in the entertainment industry as advancements in artificial intelligence accelerate. Some artists and activists fear creative work has been scraped from the internet without compensation by large technology companies that use it to power new chatbots and other tools that generate text, image and video responses to user queries. Several tech companies have claimed that scraping the public internet is fair use of work posted there.
Nullbulge released the data because it said it believed that making demands of Disney would be ineffective, the spokesperson said. “If we said ‘Hello Disney, we have all your slack data’ they would instantly lock down and try to take us out. In a duel, you better fire first,” the spokesperson said.
Nullbulge began claiming in May to have accessed Disney’s computer systems, according to Eric Parker, a security researcher who has been following the group’s online activities. He thinks the hacking group is actually a single person. “He’s not doing it for money,” Parker said. “I think this is an attention seeking exercise.”
The hacking group has previously distributed malicious software by hiding it inside free add-ons for videogames and AI-powered image-generation software, security researchers say, a tactic known as a Trojan horse.
The group said that it accessed the information through a Disney manager of software development, whose computer they compromised twice—once using a videogame add-on, and a second time using an undisclosed method. It wasn’t immediately clear how widespread the group’s access to Disney’s Slack system was.
The group in the past has stolen personal information and online credentials and then published them online, including the private information of the Disney employee. The employee didn’t respond to requests for comment.
The public disclosure of company internal messages, code and documents can be highly disruptive to companies and risks undermining their commercial objectives. In 2014, hackers linked to North Korea sent Sony Pictures into chaos, damaging internal systems and publicly releasing email messages, including embarrassing exchanges involving Sony’s co-chairman Amy Pascal, who stepped down months after the incident.
