Disney is currently looking into a major data breach that was brought on by the hacktivist group NullBulge. The group claims it has gained access to more than one terabyte of data from Disney’s internal Slack channels, which were mostly used by the engineers of the company.
NullBulge stated that they had accessed and exposed thousands of Disney’s internal Slack chat channels on a dark web forum on July 12. They further stated that they had access to computer programs, unpublished project material, raw photos, links to internal APIs, and login credentials.
The compromised components include chats on maintaining Disney’s corporate website, software development, job candidate assessments, ESPN programs for young leaders, and images of workers’ pets.
The breach has exposed data dating back to 2019, indicating a serious security breach in the entertainment company’s communication channels.
At first, the stolen data was thought to be 2.6 GB in size. However, the group later declared they would release a much larger amount of data, suggesting more had been viewed. The attack now appears to have involved around 1.2 terabytes of data, making it more serious than originally believed.
Advocating for Artists Amid AI Controversy
NullBulge Group claims they aim to protect artists’ rights and ensure fair compensation. Rumors claim a link to the LockBit ransomware group, since they appear to be using LockBit’s leaked compiler.
The hacker group, reportedly based in Russia, claimed to have obtained data through “a man with Slack access who had cookies.” According to reports, those connected to the Club Penguin fan community executed the first attack on Disney’s corporate systems.
Club Penguin, a well-known online game once owned by Disney, has a dedicated fan base, some of whom possess sophisticated technological skills. These hackers gained access to Disney’s corporate infrastructure and then took control of Slack and other internal communication platforms.
NullBulge insists that their hack was not malevolent but intended to draw attention to artists’ rights by eliminating theft and establishing a fair environment for artists, especially in light of AI’s rise in the sector. They targeted Disney due to its treatment of artist contracts, AI strategy, and alleged disrespect for customers.
A Disney spokesperson acknowledged that the incident is being investigated. Disney has recently faced criticism and legal difficulties over proper compensation for artists and authors.
Renowned individuals, such as Neil Gaiman, have brought attention to the fact that Disney no longer pays rights to some authors and artists for creations such as graphic novels and novelisations of Disney-owned characters. The people behind popular movies like “Star Wars” and “Alien” were impacted by this issue.
Even with a few significant agreements, many authors and artists continue to advocate for their just compensation. Advisory boards have been established by organisations like the Science Fiction & Fantasy Writers of America (SFWA) have established advisory boards to advocate for these creators and pressure Disney to meet its payment obligations.
There is a growing concern among performers, artists, and designers that the fast spread of generative AI may jeopardise their cost of living and negatively impact the creative environment.
Generative AI may generate novel content that are often identical to those made by people after being taught on large amounts of existing content, including writings, photos, music, and videos. Many writers and artists claim that by utilising their original works to train these AI technologies, AI companies have violated copyright rules.
At Phishing Tackle, we know all too well that security technology is often left incorrectly configured, demonstrated by our free Domain Spoofing Test which currently gets past around 50% of users security systems.
Security Awareness Training remains one of the most cost-effective methods of boosting cyber-security within your business. Have a look at our free Click-Prone® Test to find out how many of your staff are susceptible to a phishing attack and learn how you can reduce this number today.