Disney’s internal Slack channels have suffered a serious breach that resulted in hackers stealing more than one terabyte of data, according to the hacktivist group which alleges to be behind the attack.
The group, which calls itself NullBulge, alleges that the stolen data encompasses information from 10,000 Slack channels that were reportedly used by the conglomerate’s developers for communication and collaboration.
According to the post where the group first wrote of the breach, the data stolen includes all messages and files shared within these channels. Other information they allegedly got their hands on are “unreleased projects, raw images, code, logins, links to internal API/web pages, and more!” per the post on the cybercrime and hacker platform Breach Forums.
Unconfirmed reports suggest that the leak includes information from Slack chats filled with employee files, various screenshots, images of pets, phone numbers, and other personal details that employees commonly share over the office messaging app.
The group also shared the news about the attack on X.
“Disney has had their entire dev Slack dumped. 1.1 TiB of files and chat messages. Anything we could get our hands on, we downloaded and packaged up. Want to see what goes on behind the doors? Go grab it,” the attackers said in an X post.
The attackers’ blog post alleges that the heist was facilitated by an insider collaborator. The cybercriminals claimed their access was cut short because “our inside man got cold feet and kicked us out!”
The leak remains unconfirmed, but if all of this information was in fact stolen, the dataset could become a valuable resource for cybercriminals.
As for the NullBulge Group, not much is known about it. Their official website states that the group aims to protect artists’ rights and ensure fair compensation for their work. Some reports suggest these hackers might be linked to the LockBit ransomware gang, as they appear to be using LockBit’s leaked builder.