Hackers Claim Massive Data Breach of Disney's Internal Slack Messages

Hacking Group Claims Breach Of Disney Slack Messages

An activist hacking group claimed that it was able to breach the internal messaging channels of The Disney Company, and leaked thousands of messages, which included raw images, a number of logins, and even unreleased projects. The group, called Nullbulge, claimed responsibility for the attack. The hackers claim that they leaked approximately 1.2 terabytes of information, gained from the Slack program used by Disney. According to CNN, the group sent an email to the news outfit on Monday, saying that it was able to gain access to the mentioned files through "a man with Slack access who had cookies." The email also claimed that they were based out of Russia. "The user was aware we had them, he tried to kick us out once but let us walk right back in before the second time," the email claimed. Despite this, CNN said that it was not able to verify the group's claims. On Monday, Disney released a statement and said that it was investigating the matter. The hacking group stated in an email that its goal was to protect the rights of artists and their compensation. It said Disney was targeted because of the way that it handles artists' contracts, its approach to artificial intelligence, and the company's "blatant disregard for the consumer," The Verge reported. The group's actions show that it has openly targeted Disney. For instance, it posted on X what was supposed to be revenue data, including visitor and booking for Disneyland Paris. During the Screen Actors Guild and the Writers Guild of America, AI was among the points that were difficult to reach agreement. Actors feared that CGI could replace them, while writers were afraid that ChatGPT would be able to write scripts instead of them. "If we said 'Hello Disney, we have all your slack data' they would instantly lock down and try to take us out. In a duel, you better fire first," as what was found in the statement. According to the hackers, making demands from the company would be futile, so they leaked the data instead.

Hacktivists Leak 1 Terabyte of Disney's Internal Slack Messages

The threat actor behind the alleged breach claims it is a "hacktivist" group dedicated to defending artists from generative AI. A cybercriminal claims to have leaked a large tranche of corporate data stolen from Disney. The supposed 1.1 terabyte data haul includes a large number of internal Slack messages, which the hackers claim were stolen from as many as 10,000 internal messaging channels. The Wall Street Journal reports that a threat actor calling itself “NullBulge†has claimed responsibility for the hacking episode. It's unclear when the supposed breach occurred, though the contents of the conversations reportedly include "unreleased projects, code, images, login credentials, and links to internal websites and APIs." Not much information is available yet about the specifics of the data that has been leaked. When reached for comment by Gizmodo, a Disney representative said merely: “Disney is investigating this matter." “The attack has only just started, but we have some good shit. To show we are serious, here is 2 files from inside,†the hacker group recently posted to its breach site. NullBulge describes itself as a “hacktivist group protecting artists’ rights and ensuring fair compensation for their work,†Wired writes. The group also claims it believes "AI-generated artwork harms the creative industry and should be discouraged†and that it considers any “theft from Patreons, other supportive artist platforms, or artists in general†to be a "sin." Whether "Bulge" actually has anything to do with hacktivism or is just some random dark web low-life posing as a Good Samaritan is anybody's guess. That said, the criticism that artificial intelligence companies are stealing from artists is well worth investigating. Many critics have offered the conjecture that AI "is theft" due to the industry's business model, which revolves around hoovering up insane amounts of proprietary data and then using that data to train content-generating algorithms, which can then proceed to produce material that, more often than not, looks a lot like the work that trained the algorithm. At this point, AI companies have been sued countless times by creatives, many of whom argue that their work has been ripped off. But there has yet to be a decisive legal precedent set by the courts. Last year, amidst the heights of AI hype, Disney launched a task force to investigate how it could integrate artificial intelligence into the core areas of its business.

A group of hacktivists steals over 1 terabyte of data from an internal Disney server - Softonic

Nullbulge claims that it aims to protect the rights of artists and ensure fair compensation for their work. A group of hacktivists known as Nullbulge claims to have leaked thousands of internal Disney channels on Slack, including information about unreleased projects, raw image codes, and some login credentials. The security breach involved a massive theft of approximately 1.2 terabytes of data from the platform's server. The group explained in an email to CNN that they gained access through "a man with Slack access who had cookies" and is based in Russia. The email specified that "the user was aware that we had [the cookies], they tried to kick us out once, but let us back in before the second". Disney, on the other hand, announced on Monday that "they are investigating this matter". Nullbulge justified their attack by claiming to seek to protect the rights of artists and ensure compensation for their work, especially in the era of artificial intelligence. "Disney was our target because of how they handle artist contracts, their approach to AI, and their rather blatant disregard for the consumer," they pointed out in their email. Artificial intelligence has been a subject of controversy in negotiations between Hollywood actors' unions and American screenwriters. Screenwriters fear that tools like ChatGPT can write scripts, while actors fear being replaced by computer-generated images. During the last few weeks, Nullbulge hinted at their plans through their social media channels. For example, in June they posted on Twitter visitor data, reservations, and revenue from Disneyland Paris. The hackers explained that they decided to leak the data because making demands to Disney would be useless. "If we were to say 'Hello Disney, we have all your loose data', they would instantly block us and try to eliminate us. In a duel, it's better to shoot first", they argued in their email.

Hackers claim Disney data theft in protest against AI-generated artwork

NullBulge group said it was leaking files from Disney's internal Slack channel to 'protect artists' rights' Hacktivists claim to have stolen more than a terabyte of data from Disney's internal chat platform and are leaking the information online in a protest against what they say is the company's anti-artist stance. The group, which calls itself NullBulge, has been active since at least May. It claims to be motivated by a desire to "protect artists' rights and ensure fair compensation for their work". On Friday, it published the entirety of Disney's internal Slack channel online through the decentralised BitTorrent filesharing platform. Unlike many corporate hackers, NullBulge seems not to be interested in financial rewards. The group did not publicly request a ransom from Disney, and posted the first selection of files from its stolen dataset almost immediately. "Here is one I never thought I would get this quickly," the group's anonymous spokesperson said alongside the initial release. "Disney. Yes, that Disney. The attack has only just started, but we have some good shit." Others question the group's motivations, however. Ilia Kolochenko, the chief executive of the cybersecurity firm ImmuniWeb, said the claims could simply be "a well thought-out smokescreen to mask the true identities and real motives of the hackers". "Hacktivists are highly unlikely to run operations of such scale to protect intellectual property and the rights of artists," Kolochenko added. Nonetheless, NullBulge's methods have previously been in tune with its stated ideology. In June, a popular plugin for the AI image generator Stable Diffusion was found to have been compromised by the group. That tool, which provided an easy to use interface for the image generator, was updated to include malware from the hackers, which they used to steal further login credentials and extend their footprint in turn. The group says it breached the Disney network through a developer who installed another tool it had compromised, a video game mod. Its website features something close to a mission statement. "You Hacked Me Why?", it asks. "We are sorry we had to do that to you, but we only do it if you have committed one of our sins. "Crypto Promotion: We do not condone any form of promoting crypto currencies or crypto related products/services. AI artwork: We believe AI-generated artwork harms the creative industry and should be discouraged. Any form of Theft: Any theft from Patreons, other supportive artist platforms, or artists in general." Even the name of the group is evocative: Nullbulge's mascot is an anthropomorphic - "furry" - lion, covered in blue slime, with a noticeable bulge in its crotch. In a statement to the Wall Street Journal, Nullbulge added that it released the data immediately because it felt it would be "ineffective" to make demands of Disney: "If we said 'Hello Disney, we have all your slack data' they would instantly lock down and try to take us out. In a duel, you better fire first."

Hackers leak Disney's internal Slack communications online - report (NYSE:DIS)

Data from Disney's (NYSE:DIS) Slack channels, which contain discussions about ad campaigns, studio technology, and interview candidates, have been leaked online by hacker group Nullbulge, the Wall Street Journal reported on Monday. In a blog post, Nullbulge said it published data from "thousands of Slack channels" at the Burbank, California-based company, including computer code and details about unreleased projects. The leaked data includes conversations about maintaining Disney's corporate website, software development, and even photos of employees' dogs, among other things, going back as far as 2019 at the least, the report said, citing materials viewed by WSJ. A Nullbulge spokesperson, via an online message, said that it targeted the entertainment company "due to how it handles artist contracts, its approach to AI, and it's [sic] pretty blatant disregard for the consumer." The group accessed the information through a Disney software development manager, whose computer they compromised twice -- once using a videogame add-on and a second time using an undisclosed method, the report said.

Disney investigating massive leak of internal messages

Disney has confirmed it is investigating an apparent leak of internal messages by a hacking group, which claims it is "protecting artists' rights". The group, Nullbulge, said it had gained access to thousands of communications from Disney employees and had downloaded "every file possible". It is not clear how commercially sensitive the information is for the media and theme park giant, but it is reported to include messages about upcoming projects the firm is working on. "Disney is investigating this matter," a company spokesperson told the BBC in an email. Nullbulge's website says the group targets anyone it believes is harming the creative industry by using content generated by artificial intelligence (AI), which it describes as "theft". The BBC has made contact with the hackers who claim to be in Russia and say they got into Disney's internal Slack messaging system through an insider. But when asked for a sample of the stolen data to verify its authenticity, the hackers did not respond - meaning the BBC has not been able to independently assess if the huge data trove is genuine. "Disney was our target due to how it handles artist contracts, its approach to AI, and its pretty blatant disregard for the consumer," the hackers claimed. They said they released the data because they didn't expect Disney to meet their demands to stop using AI. It is unusual for hackers to claim they are "Russian hacktivists" with an ethical agenda - most cyber criminals, including those in Russia, aim to make money by extorting their victims.

Disney Suffers Major Data Breach As Hackers Leak Internal Slack Data: Report - Walt Disney (NYSE:DIS)

Hackers leaked Disney's internal Slack data.Nullbulge targeted Disney over AI and artist contracts. Walt Disney Co DIS has suffered a significant data breach. What Happened: An anonymous hacking group known as Nullbulge leaked sensitive internal data from the Burbank, California-based company's Slack channels. The Wall Street Journal reported the leaks, which include discussions about ad campaigns, studio technology, and candidate interviews. Nullbulge claimed responsibility for the breach to WSJ, stating they accessed thousands of Slack channels. Also Read: Walt Disney Q2 Earnings: Profit Beat, Moderating Parks Growth, Password-Sharing Crackdown And More The group published computer code, details about unreleased projects, and conversations about maintaining Disney's corporate website. The data reportedly spans back to 2019. Disney is currently investigating the breach. Why It Matters: In recent weeks, Nullbulge shared screenshots of documents, claiming they obtained project descriptions, plans, and financial data from Disneyland Paris. The group targets companies based on social, economic, or political values, citing Disney's handling of artist contracts and AI approaches as reasons for the breach. The hackers reportedly compromised a Disney software development manager's computer twice, gaining access to internal systems. The group's actions recall the 2014 Sony Pictures hack, which caused significant disruption and led to the resignation of Sony's co-chairman, Amy Pascal. AT&T Inc T fell prey to a data breach after culprits compromised Snowflake Inc SNOW. During the data thefts, hackers stole records from the cloud Snowflake, enabling them to steal the phone records of AT&T customers. Advanced Micro Devices, Inc AMD also confirmed a cyberattack that did not affect critical data or operations. Price Actions: DIS shares are trading higher by 0.01% at $96.88 premarket at the last check Tuesday. Also Read: AI Is Going Well For Microsoft, But Cybersecurity Is Not Disclaimer: This content was partially produced with the help of AI tools and was reviewed and published by Benzinga editors. Market News and Data brought to you by Benzinga APIs

Hacktivist group leaks Disney's internal data, reveals unreleased projects - WSJ By Investing.com

Investing.com - 'Hacktivist' group Nullbulge has obtained data from Disney 's internal Slack collaboration system, according to files reviewed by The Wall Street Journal. The group behind the leak, stated in a blog post that it had released data from thousands of Slack channels within the entertainment company. The data included computer code and details about projects that have yet to be announced. Slack is commonly used within large corporations for group discussions about strategic initiatives. The veracity of the group's claims regarding the extent of the documents taken and the way they were obtained could not be confirmed immediately. The leaked material, as per the Journal, consists of conversations about maintaining Disney's corporate website, software development, assessments of job candidates, initiatives for emerging leaders within ESPN, and even photos of employees' dogs, with data dating back to at least 2019. A representative for Disney confirmed that the company is looking into the matter. ⚠️Stay updated with the latest news using InvestingPro! Our Summer Sale is now on, click here to save over 50%!⚠️ The hacking group recently posted screenshots of documents online that it claimed to have obtained from Disney's (NYSE:DIS) Slack channels. These alleged documents included excerpts of project descriptions and plans, as well as visit, booking, and revenue data from Disneyland Paris. Nullbulge identifies itself as a hacktivist group advocating for artist rights and selects its targets based on specific social, economic, or political values. According to a spokesperson for the group, Disney was targeted due to its handling of artist contracts, its approach to AI, and its alleged disregard for consumers. The release of the data was motivated by the belief that making demands of Disney would be futile, the spokesperson added. Nullbulge first claimed to have accessed Disney's computer systems in May, according to Eric Parker, a security researcher. Parker suspects that the group is actually a single individual seeking attention. The group reportedly accessed the information through a Disney software development manager, whose computer they compromised twice. The group has previously stolen personal information and online credentials, which they then published online, including the private information of the Disney employee in question. The public disclosure of a company's internal messages, code, and documents can cause significant disruption to a company and potentially undermine its commercial objectives.

Disney Says It's Investigating Reported 1.2TB Hack of Its Internal Documents - IGN

A hacker group claims to have obtained a trove of data from Disney's internal Slack. Disney is looking into a claim by a hacker group that it's stolen 1.2TB of internal data from the company's Slack channels, including information about upcoming projects, ad campaigns, company logins, and more. "Disney is investigating this matter," a company spokesperson said in a brief statement to THR on Monday. IGN has reached out to Disney for further comment. As reported by the Wall Street Journal earlier on Monday, a hacker group calling itself Nullbulge said in a blog post that it had published thousands of messages from Disney's internal Slack channels. The hackers say that the data they've collected spans "10,000 channels, every message and file possible," including "unreleased projects, raw images and code, some logins, links to internal api/web pages, and more." The contents from those messages have already started to make the rounds online, including alleged details about a sequel to Aliens Fireteam Elite (via Eurogamer) and a Fortnite x Disney collaboration (via Sports Illustrated). Nullbulge calls itself a "hacktivist group," and claims that it's focused on "protecting artists' rights and ensuring fair compensation for their work." The group told WSJ that it targeted Disney "due to how it handles artist contracts, its approach to AI, and it's [sic] pretty blatant disregard for the consumer." It added that it went directly to releasing data, rather than making threats, because it felt Disney would "instantly lock down" if made aware of the hack. If confirmed to be authentic, Disney would only be the latest company to be subject to a major cyberattack. Late last year, Insomniac Games had a number of unannounced projects and a large amount of internal data published online by a ransomware group after Sony reportedly refused to meet their demands. A hacker last year also released dozens of in-development Grand Theft Auto 6 clips, apparently by accessing Rockstar's internal systems, and was sentenced to indefinite imprisonment in a secure hospital. Film and television has been slightly less susceptible to widespread hacks, barring the massive, industry-rocking one of Sony Pictures Entertainment in 2014. Other entertainment-adjacent companies, including Roku, Ticketmaster, and AT&T, have also been the victims of recent cyberattacks. Thumbnail credit: AaronP/Bauer-Griffin/GC Images

Report: Disney Data Leaked After Hack of Its Slack System

Disney has reportedly suffered a hack of its Slack system, with data from thousands of the channels of the company's workplace collaboration system being leaked online. The data goes back as far as 2019 and includes material ranging from discussions about ad campaigns to assessments of job applicants to photos of employees' dogs, The Wall Street Journal (WSJ) reported Monday (July 15), saying it had viewed the material. A Disney spokesperson said in the report: "Disney is investigating this matter." The material was published by an anonymous hacking group called Nullbulge, though its claims about how much data it has and how it obtained it could not be independently verified, according to the report. The group has previously used Trojan horse tactics to distribute malicious software, hiding it in free add-ons for games and artificial intelligence (AI) image generation software, the report said. This reported hack comes about 10 years after another entertainment company, Sony Pictures Entertainment, suffered a massive computer hack that rocked the entertainment world. In that case, the hackers revealed personal emails between Sony Pictures executives, leaked financial documents, and compromised the personal information of more than 47,000 celebrities, freelancers, and current and former Sony employees. The hack also comes during what PYMNTS has dubbed "the year of the cyberattack," following damaging attacks on at least a dozen companies and other organizations. In the last year, 82% of eCommerce merchants endured cyber or data breaches, with 47% saying the breaches resulted in both lost revenue and lost customers, according to "Fraud Management in Online Transactions," a PYMNTS Intelligence and Nuvei collaboration. Containing the impact of a single data breach before it can ripple throughout an entire ecosystem is top of mind for banks, FinTechs and businesses alike, PYMNTS reported Thursday (July 11). When data is compromised, there can be cascading consequences due to the interconnected nature of financial systems. Because the average consumer has multiple financial accounts, and many FinTech platforms link to traditional bank accounts, credit cards and other financial services, a breach in one system can provide access to others, allowing fraudsters to exploit multiple services.

Hacker group claims to have stolen over 1TB of Disney's internal data - Times of India

Walt Disney reportedly suffered a data breach with a hacking group claiming to have over 1TB of the company's data. According to a report by Wall Street Journal, a hacking group named Nullbulge has published data from thousands of Slack channels at the entertainment giant. This included information about Disney's planned projects, some log-in information, computer code and more. What the hacker claims? As per the report, Nullbulge said it accessed "almost 10,000 channels" to dump "every message and file possible." The identity of the group remains anonymous but its mission includes advocating for artist rights. The Wall Street Journal report stated that the company's artist contracts, "approach to AI," and "blatant disregard for the consumer" motivated the group to target the entertainment company. The Nullbulge group has leaked the information on its X account. Providing a link to the data, it wrote in a post - "#Disney has had their entire dev slack dumped. 1.1TiB of files and chat messages. Anything we could get our hands on, we downloaded and packaged up. Want to see what goes on behind the doors? go grab it." Another post from July 4 shows a dashboard with the daily attendance at Disneyland Paris. "Daym disneyland paris be makin money!... Dont worry how we got this image ;)#Disney #Disneyland #DisneylandParis Soon...," read the post. Disney is reportedly investigating the matter. Recently, US telecommunications giant AT&T reportedly paid a hacker $370,000 to delete millions of stolen customer records. According to a report by Wired, the payment, made in cryptocurrency, was part of a negotiation to secure the deletion of sensitive customer data obtained through a major security breach. The breach, which occurred between May 2022 and January 2023, exposed call and text message metadata for millions of AT&T customers. While AT&T claims the stolen information did not include message content or customer names, a security researcher found that reverse lookups could potentially identify individuals associated with the compromised phone numbers The TOI Tech Desk is a dedicated team of journalists committed to delivering the latest and most relevant news from the world of technology to readers of The Times of India. TOI Tech Desk's news coverage spans a wide spectrum across gadget launches, gadget reviews, trends, in-depth analysis, exclusive reports and breaking stories that impact technology and the digital universe. Be it how-tos or the latest happenings in AI, cybersecurity, personal gadgets, platforms like WhatsApp, Instagram, Facebook and more; TOI Tech Desk brings the news with accuracy and authenticity.

Disney Hacked: Group Claims to Have Trove of Data, Company Investigating

Roku Picks Up 'Good Morning Football' as NFL Readies Relaunch of Show The entertainment giant is the apparent victim of a cybersecurity incident, with hackers claiming to posses more than one terabyte of data from the company. "Disney is investigating this matter," a spokesperson tells The Hollywood Reporter. The hacktivist group "Nullbulge" is claiming responsibility for the hack. The group describes itself as "a hacktivist group protecting artists' rights and ensuring fair compensation for their work." The leaked information includes a trove of internal communications from Disney, images, logins, studio information, ad campaigns and other information, almost all appearing to be from the Salesforce-owned communications platform Slack. The incident is the latest in a string of cyberattacks that have targeted media and telecom companies this year. In the spring, Roku said that more than half a million accounts were compromised in a data breach. In may, Ticketmaster owner Live Nation said that it had been the victim of an attack, with "criminal threat actors" selling user data on the dark web. And earlier this month AT&T disclosed an astonishing incident in which "nearly all" of its wireless customers had their call and text records obtained (though importantly the content of the messages was not breached). Both the Ticketmaster and AT&T hacks involved a third-party cloud provider called Snowflake, though there is no indication as of now that the Disney hack is connected. In the case of Nullbulge, the hacktivist group told The Wall Street Journal it targeted Disney "due to how it handles artist contracts, its approach to AI, and it's [sic] pretty blatant disregard for the consumer."