Disney Cuts Ties with Slack Following Major Data Breach

Disney says most of its business will stop using Slack by the end of the year

"Hacktivist" group NullBulge didn't like that Disney uses AI to generate some of its artwork, so it leaked a whopping 1.1 terabytes of data from the entertainment giant's internal Slack archive in July. "I would like to share that senior leadership has made the decision to transition away from Slack across the company," Hugh Johnston, Disney's chief financial officer, said in an email to staffers on Wednesday, which was obtained by Status. "Our technology teams are now managing the transition off Slack by the end of Q1 FY25 for most businesses." Many teams at Disney -- which employs about 220,000 people -- have already started transitioning to other collaboration tools, according to the memo. By the end of Q1 2025, Disney will have transitioned off Slack, but some "more complex use cases" may not be completed until the end of the subsequent quarter, the memo said. Slack, which is owned by Salesforce, did not respond to Fortune's request for comment, and neither did its parent company. "Data breaches have become disturbingly routine, but Disney's incident is a stark reminder that we've entered a new era of corporate vulnerability," Ameesh Divatia, CEO of cloud data-protection company Baffle, told Fortune. "This isn't just about leaked customer emails anymore -- it's potential corporate espionage on a silver platter. While breaches are common, the scale and nature of this one set it apart." Disney also did not respond to Fortune's request for comment about which platform it intends to transition to early next year or exactly how many of its employees were affected by the breach. NullBulge, a new hactivist group that emerged earlier this year, stole data that allegedly included every message and file from almost 10,000 internal Disney Slack channels, including unreleased projects, code, images, login information, and links to internal websites. Many of the topics and documents discussed by Disney employees were confidential, according to The Wall Street Journal, which saw leaked files from the company's Slack. NullBulge claims its focus is on "protecting artists' rights and ensuring fair compensation for their work." This has become an increasingly important -- and hot-button issue -- in entertainment after back-to-back strikes from workers demanding higher pay and implementing AI-use standards. In June, a union representing Hollywood film and television crews reached a tentative three-year deal with major studios to meet those demands. However, some cybersecurity experts think the hackers' intentions are fishy. "Hacktivists are highly unlikely to run operations of such scale to protect intellectual property and the rights of artists," Ilia Kolochenko, CEO at ImmuniWeb, told Infosecurity Magazine. Instead, the group was more likely to have wanted to blackmail Disney or censor certain content topics from its library. It's hard to say, however, exactly why NullBulge was able to hack Disney's Slack channels. Possibilities include a misconfiguration of their messaging applications, weak security practices, outdated software, human error, and other vulnerabilities. "With larger companies, there is a greater risk for human error because you have a larger number of employees who are accessing your company data around the world," Dan Schiappa, chief product officer at cybersecurity company Arctic Wolf, told Fortune. "Each one of these people and their workstations is a new potential risk, making it critical that organizations have full and clear visibility into their IT environment to catch any vulnerabilities or out-of-the-norm behaviors." So in the end, it may not completely be Slack's fault after all, cybersecurity experts say. "No single platform is impenetrable," Divatia said. "Trusting your company's secrets to any one system is a recipe for disaster. The focus needs to shift from securing communication channels to protecting the data itself, regardless of where it resides or how it's transmitted. The root of the problem often lies in how data is managed within these platforms, not necessarily the platforms themselves."

Why Disney may have decided to stop using Salesforce's Slack communication platform - Times of India

Walt Disney has reportedly announced plans to stop using Salesforce's Slack team communication platforms as the company-wide workplace collaboration system. This decision comes after a major data breach involving the hacking group NullBulge. The leaked data, which included over a terabyte of information, allegedly exposed sensitive details such as computer code and unreleased projects of Disney.The data breach exposed more than 44 million messages from Disney's Slack workplace communications tool, the Wall Street Journal reported earlier this week. How Disney is making this transition A report by the news agency Reuters citing the Status media newsletter noted that Disney's CFO, Hugh Johnston has confirmed that most of the company's businesses will discontinue their use of Slack by the end of the year. Teams within Disney have already begun migrating to alternative enterprise-wide collaboration tools, the report added. While Disney and Salesforce's Slack are yet to issue any official statements, the data breach has prompted the company to reassess its reliance on the platform. SentinelOne's threat intelligence and malware analysis team revealed that NullBulge, the hacking group responsible for the breach, targeted Disney by exploiting code on collaborative coding platforms like GitHub and Hugging Face. The hackers reportedly tricked users into downloading malicious files to compromise Disney's systems. In July, the hacker group shared a post on social media platform X (earlier Twitter) to reveal the data stolen from Disney. Recently, US telecom operator AT&T paid a hacker $370,000 in cryptocurrency to delete millions of stolen customer records. The data breach exposed call and text message metadata for millions of customers. While AT&T claims customer names and message content were not exposed, a security researcher found that reverse lookups could potentially identify individuals linked to the compromised phone numbers. The TOI Tech Desk is a dedicated team of journalists committed to delivering the latest and most relevant news from the world of technology to readers of The Times of India. TOI Tech Desk's news coverage spans a wide spectrum across gadget launches, gadget reviews, trends, in-depth analysis, exclusive reports and breaking stories that impact technology and the digital universe. Be it how-tos or the latest happenings in AI, cybersecurity, personal gadgets, platforms like WhatsApp, Instagram, Facebook and more; TOI Tech Desk brings the news with accuracy and authenticity.

Disney to stop using Salesforce-owned Slack after hack exposed company data

Walt Disney plans to transition away from its use of Slack as a companywide workplace collaboration system, after a hacking entity leaked online more than a terabyte of company data, according to a report in the Status media newsletter. Disney's CFO Hugh Johnston said most of the media and entertainment company's businesses would stop using the service later this year, the report said. Click here to connect with us on WhatsApp Many teams have already started transitioning to streamlined enterprise-wide collaboration tools, according to the report. Disney and Salesforce's Slack did not immediately respond to Reuters requests for comment. Hacking group NullBulge had published data from thousands of Slack channels at the entertainment giant, including computer code and details about unreleased projects, the Wall Street Journal reported in July. The data spans more than 44 million messages from Disney's Slack workplace communications tool, WSJ reported earlier this month. More From This Section Taiwan questions head of pager firm linked to recent Hezbollah blasts Google antitrust trial: Documents say one thing, witnesses something else Eli Lilly wants records of people who took copies of its weight-loss drug Social media users lack control over data used by AI, says US FTC Donald Trump's new tariff plan falls well short of filling his budget hole The company had said in August it was investigating an unauthorized release of over a terabyte of data from one of its communication systems. NullBulge compromises software supply chains by exploiting code on GitHub and Hugging Face, collaborative coding platforms, and tricks users into downloading malicious files, as per SentinelOne's threat intelligence and malware analysis team. (Only the headline and picture of this report may have been reworked by the Business Standard staff; the rest of the content is auto-generated from a syndicated feed.) Also Read Network18 Media & Investments gets 3 months extension for convening AGM Newly merged Star India-Viacom18 to boast cash reserves of over Rs 19K cr Disney, DirecTV fail to reach distribution deal, subscribers lose access Deal with Disney marks new era in entertainment industry: Mukesh Ambani CCI gives nod to $8.5 bn Disney-Reliance media assets merger deal

Report: Disney Cuts Ties With Slack After Data Heist | PYMNTS.com

Disney reportedly plans to stop using workplace collaboration platform Slack following a recent data breach. Chief financial officer Hugh Johnston announced the change this week, the Wall Street Journal (WSJ) reported Thursday (Sept. 19), citing an internal memo reviewed by the news outlet. That memo said many teams at the entertainment behemoth had begun switching over to "streamlined enterprise-wide collaboration tools." "Where we have opportunities to leverage more integrated tools and platforms we should," the memo said. The move comes after a hacker stole a terabyte worth of data -- including 44 million messages and more than 18,800 spreadsheets and at least 13,000 PDFs -- and leaked it online. This included financial and strategy information, the WSJ said, along with personally identifiable information for employees and customers. PYMNTS has contacted Disney and Slack-owner Salesforce for comment but has not yet gotten a reply. As covered here in July, the material was published by an anonymous hacking group known as "Nullbulge," which has used Trojan horse tactics to distribute malicious software, hiding it in free add-ons for games and AI image generation software. The hack comes in the midst of what PYMNTS has called "the year of the cyberattack," following damaging attacks on several high-profile companies and organizations. In the past year, 82% of eCommerce merchants suffered cyber or data breaches, with 47% saying the breaches resulted in both lost revenue and lost customers, according to "Fraud Management in Online Transactions," a PYMNTS Intelligence and Nuvei report. As PYMNTS wrote soon after the Disney breach was reported, this sort of incident underlines the need for fault tolerance. The stakes are high, that report added, noting that breaches can cost companies millions, harm reputations and weaken customer trust. To reduce these risks, the emphasis must pivot from a purely preventive approach to a strategy that balances prevention with robust response and recovery. "The barrier for entry has never been lower for threat actors," Sunil Mallik, chief information security officer at Discover® Global Network, told PYMNTS in a recent interview, adding that the cost of computing power has decreased drastically over the past decade, making it easier for criminals to get access powerful tools and carry out sophisticated attacks. "It's a combination of defenses at the human layer, controls at the network layer, application layer and business process layer," Mallik added. "This is complemented by continuous monitoring of the external threat environment."