July 2024 Disney Breach

In July 2024, a hacktivist group called NullBulge claimed responsibility for a massive data breach at Disney, leaking approximately 1.2 terabytes of internal communications from the company's Slack channels. The leaked data allegedly contained sensitive information about unreleased projects, raw images, computer codes, login credentials, and internal communications spanning back to at least 2019. The group, which claims to be based in Russia, positions itself as a protector of artists' rights and fair compensation, particularly in the context of artificial intelligence adoption. They specifically targeted Disney due to three main concerns: the company's handling of artist contracts, its approach to AI, and what they perceived as disregard for consumers. The breach methodology appears to involve compromised employee credentials, though the exact method remains disputed. NullBulge claims they gained access through "a man with Slack access who had cookies," while security researchers suggest the breach might have occurred through malware-infected software, including a video game modification tool or an AI image generator plugin called Comfy_LLMVISION. The scope of the breach is significant, allegedly including: - Messages and files from nearly 10,000 Slack channels - Information about unreleased projects - Raw images and computer codes - Login credentials - Links to internal websites and APIs - Corporate website maintenance discussions - Software development information - Employee assessment records - ESPN leadership program details Unlike typical cybercrime groups, NullBulge did not demand ransom, instead immediately releasing the data through BitTorrent. The group stated that making demands would have been futile, believing Disney would have immediately locked them out if approached. Disney has acknowledged the incident with a brief statement confirming they are "investigating this matter." The breach affects Disney's vast entertainment empire, which includes divisions such as Marvel Studios, Lucasfilm, Disney+, Hulu, ESPN, and ABC News. Security researchers have verified the legitimacy of at least some of the leaked data, with Roei Sherman, field CTO at Mitiga Security, confirming that "all of it looks legit." The incident highlights the ongoing vulnerability of corporate communication platforms and the growing concerns about AI's impact on creative industries.