Disney faces major data breach

Disney faces major data breach

Disney faces major data breach | Insurance Business Australia

Cyber

Disney faces major data breach

Hacktivist group claims inside job

Cyber

By
Roxanne Libatique

Disney is probing a substantial data breach after a hacktivist group claimed to have infiltrated the company’s internal Slack channels, leaking around 1.2 terabytes of data online, including unreleased projects.

According to Sky News’s report, NullBulge – which describes itself as an advocate for artists’ rights and fair compensation – released messages and files from close to 10,000 internal channels, including raw images, code, logins, and links to internal websites.

It claimed that it gained access through an “inside man,” identified as the manager of software development at The Walt Disney Company. However, it said the collaborator got “cold feet” before further information could be accessed. Subsequently, the employee’s private information was disclosed as retaliation.

“We tried to hold off until we got deeper in, but our inside man got cold feet and kicked us out! I thought we had something special [name redacted],” the group said in a blog post, as reported by Sky News. “Consider the dropping of literally every bit of personal info you have, from logins to credit cards to SSN, as a warning for people in the future.”

In an email to CNN, NullBulge said they gained access through “a man with Slack access who had cookies.”

Sky News said it contacted the Disney employee accused of providing access for a comment but has not yet confirmed whether they collaborated with the group or fell victim to hostile malware that granted NullBulge access to staff accounts.

See also  Is Geico cheaper than the general?

Hacktivist group NullBulge’s targets

The hacktivist group further stated that its targets are chosen for committing one of three “sins”:


promoting cryptocurrency
using AI-generated artwork
theft, including from artists

“We do not condone any form of promoting crypto currencies or crypto-related products/services,” reads the group’s website, further stating that it believes “AI-generated artwork harms the creative industry and should be discouraged.”

“Healthed, an Australian education provider to the healthcare profession, confirms that late yesterday, it became aware of a vulnerability within the Healthed website, traced to work undertaken by a third-party contractor,” a spokesperson for Healthed told Cyber Daily.

Related Stories

Keep up with the latest news and events

Join our mailing list, it’s free!