The “hacktivist” collective NullBulge released 1.1 gigabytes of data from Disney’s internal Slack archive in July because they were upset about the company’s usage of artificial intelligence (AI) to create some of their artwork.
Disney now claims that Slack will be discontinued.
Disney’s CFO, Hugh Johnston, sent out an email to employees on Wednesday that Status was able to receive. “I would like to share that senior leadership has made the decision to transition away from Slack across the company,” Johnston wrote. “Most businesses will be moving off of Slack by the end of Q1 FY25, and our technology teams are currently managing this transition.”
As to the memo, numerous teams at Disney, a company with around 220,000 employees, have commenced the shift to alternative communication platforms. Disney plans to move away from Slack by the end of Q1 2025, but the document stated that certain “more complex use cases” might not be finished until the end of the following quarter.
A Slack representative told Fortune, “At this time, there is no evidence this issue was the result of a vulnerability inherent to Slack.” Fortune reached out to Salesforce for comment, but they did not reply.
Ameesh Divatia, CEO of cloud data protection business Baffle, told Fortune that “data breaches have become disturbingly routine, but Disney’s incident is a stark reminder that we’ve entered a new era of corporate vulnerability.” “This is potentially corporate espionage on a silver platter; it’s not just about leaking consumer emails anymore. Although breaches happen frequently, this one stands out for its size and character.
Disney also declined to answer when Fortune asked about the platform it plans to switch to early in the upcoming year or the precise number of employees impacted by the hack.
How did Disney get hacked, and what is NullBulge?
Earlier this year, NullBulge, a new hacktivist group, purportedly acquired material from nearly 10,000 internal Disney Slack channels, including unannounced projects, code, photos, login credentials, and links to internal websites. The Wall Street Journal obtained data from Disney’s Slack channel that were leaked, and they revealed that many of the subjects and materials discussed by the company’s workers were private.
“Protecting artists’ rights and ensuring fair compensation for their work” is allegedly the main objective of NullBulge. The implementation of AI-use regulations and back-to-back strikes by workers demanding more compensation have made this a hot-button issue in the entertainment industry. To address those demands, a union that represents Hollywood film and television personnel struck a tentative three-year agreement with major studios in June.
Some cybersecurity professionals, however, believe the hackers’ motivations are dubious.
Ilia Kolochenko, CEO of ImmuniWeb, told Infosecurity Magazine that “hacktivists are highly unlikely to run operations of such scale to protect intellectual property and the rights of artists.” It was more plausible that the gang intended to remove specific content issues from Disney’s library or to use it as leverage in blackmail.
It’s unclear, though, exactly why Disney’s Slack channels were hacked by NullBulge. A misconfiguration of their messaging apps, lax security procedures, out-of-date software, human mistakes, and other vulnerabilities are among the possibilities.
CEO of cybersecurity firm Arctic Wolf Dan Schiappa told Fortune that “there is a greater risk for human error with larger companies because you have a larger number of employees who are accessing your company data around the world.” Organisations must have complete and unobstructed visibility into their IT environment to detect any vulnerabilities or abnormal activity because every one of these individuals and their workstations poses a potential danger in and of itself.
According to cybersecurity experts, Slack may not ultimately be to blame.
Divatia declared, “No single platform is impenetrable.” It is always a recipe for catastrophe to entrust your company’s secrets to just one system. Regardless of where the data is stored or how it is delivered, the emphasis needs to move from safeguarding communication channels to protecting the data itself. Frequently, data management practices on these platforms—rather than the platforms themselves—are the source of the issue.
(Tashia Bernardus)