‘Nullbulge’ hackers claim to have carried out major cyber attack on Disney

‘Nullbulge’, described as a hacktivist group protecting artists' rights and ensuring fair compensation for their work, says it has leaked 1.1-TB of data from entertainment giant Disney's internal Slack archive.

Nullbulge told the Wall Street Journal it targeted Disney "due to how it handles artist contracts, its approach to AI, and its … pretty blatant disregard for the consumer".

Slack is a cloud-based program largely used by workplaces to communicate online.  Security researchers have long warned about corporate Slack accounts as a treasure trove for attackers if compromised. The popular team communication platform is owned by Salesforce and is used by an array of prominent organisations, including IBM, Capital One, Uber, and Disney rival Paramount.

The data breach allegedly includes every message and file from nearly 10,000 channels, including unreleased projects, code, images, login credentials, and links to internal websites and APIs.

‘Nullbulge’ shared screenshots of documents the group allegedly downloaded on social media platform X, showing revenue from Disneyland Paris and what seems to be new streaming models for Disney+.  

Disney has yet to confirm the breach with a Disney spokesperson telling the Wall Street Journal that the company “is investigating this matter.”

Image. Walt Disney World Resort. Credit: Chris Czlapka/Flickr.