The hacking activism group asserted that they were able to gain access to Disney's Slack by means of an insider who had cookies installed on their system.
An extensive data breach at Disney has been attributed to a group known as "hacktivists." The organization, known as "Nullbulge," claims to have stolen data from Disney's internal Slack channels totaling over 1.2 terabytes. Messages, files, unfinished projects, unprocessed photos, computer codes, and certain login information are all included in this data.
Nullbulge clarified in an email to CNN on Monday that they were able to enter Disney's Slack by means of an insider who possessed cookies, which gave them access. The insider attempted to delete them at first, but according to the email, they were able to return "right back in before the second time."
The hacking activist organization leaked 1.2 terabytes of data last week, apparently from Disney's Slack archive. The data purportedly included nearly 10,000 channels with a wealth of information, including private information about upcoming projects and internal websites. The stolen information was taken down from BreachForums after it was first posted there. But it's still available on a number of mirror sites, according to Wired.
The Russian group NullBulge says it would uphold artists' rights and guarantee just pay. Companies that promote cryptocurrency, use AI-generated art, or steal from artists or platforms that support them are the three "sins" that they target. They stated in the email that Disney was their target because of "its pretty blatant disregard for the consumer, its approach to AI, and how it handles artist contracts."
After reviewing the stolen material, Roei Sherman, Field CTO at Mitiga Security, attested that "everything looks legit - a lot of URLs, conversations of employees, some credentials, and other content," according to Wired.
In response to the hack, he stated, "Companies are getting breached all the time," adding that he was not shocked that a massive company like Disney could be impacted to this extent. "Data theft from the cloud and software-as-a-service platforms" is a typical occurrence these days, according to him, because it is "easier for attackers and holds bigger rewards".
He issued a warning, saying, "Opportunistic threat actors will probably target Disney a lot more now."
