Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Disney data leak. Show all posts

Disney Data Breach Exposes Sensitive Corporate and Personal Information

 

In July, Disney experienced a significant data breach that exposed far more than initially reported, compromising a wide array of sensitive information. While early reports focused on stolen Slack messages, it has since been revealed that the breach extended deep into the company’s critical corporate files. According to sources, hackers gained access to sensitive information, including financial projections, strategic plans, sales data, and streaming forecasts. 

The breach did not stop at corporate data. Hackers also accessed personal information of Disney Cruise Line members, including passport numbers, visa statuses, contact details, and birthplaces. In addition, data related to theme park pass sales was compromised, potentially impacting thousands of visitors. This breach has raised serious concerns about the security of personal data at Disney, one of the world’s most recognized entertainment companies. 

Initially, Disney reported that over a terabyte of data was leaked, but the full extent of the breach is still under investigation. In an August address to investors, the company acknowledged the severity of the attack, prompting questions about the cybersecurity measures in place not only at Disney but also at other major corporations. The incident has highlighted the growing need for robust and effective cybersecurity strategies to protect against increasingly sophisticated cyber threats. The hacking group Nullbulge has claimed responsibility for the attack. 

In a blog post, the group boasted of gaining access to internal data on upcoming projects as well as employee details stored in Disney’s Slack system. This claim has raised further alarms about the potential exposure of sensitive company plans and employee information. When asked to comment on the specifics of the breach, Disney declined to provide details. A spokesperson stated, “We decline to comment on unverified information that has purportedly been obtained as a result of illegal activity.” 

This response underscores the complexity and evolving challenges that companies face in safeguarding sensitive information from cyber threats. As cyber threats become more sophisticated, this breach serves as a stark reminder of the vulnerabilities even within prominent organizations. It emphasizes the urgent need for businesses to strengthen their cybersecurity measures to protect both corporate and personal data from being compromised in an increasingly digital world.

Activist Hacking Group Claims Leak of Disney’s Internal Data

 

An activist hacking group has alleged that it leaked a substantial amount of Disney's internal communications, including details about unreleased projects, raw images, computer code, and some login credentials.

The group, known as Nullbulge, has claimed responsibility for the breach, asserting that it obtained approximately 1.2 terabytes of data from Disney’s Slack, a popular messaging platform. In an email sent to CNN on Monday, Nullbulge explained that they gained access through “a man with Slack access who had cookies.” The email also indicated that the group is based in Russia.

According to Nullbulge, the user initially attempted to remove them but allowed them to re-enter before the second breach. CNN was unable to independently verify these claims.

Disney issued a statement on Monday, acknowledging the situation and stating that it “is investigating this matter.” The company’s extensive operations span various divisions and platforms, including ESPN, Hulu, Disney+, and ABC News.

The hacking group stated their motivations included concerns about how Disney manages artist contracts and its approach to artificial intelligence (AI), along with what they described as the company's disregard for consumer interests.

Nullbulge had been teasing this major leak over recent weeks on social media. For instance, in June, they posted on X what appeared to be visitor, booking, and revenue data from Disneyland Paris.

The issue of AI has been a contentious topic in recent labor disputes, notably during the Screen Actors Guild and the Writers Guild of America strikes. Writers are worried that AI could replace them in scriptwriting, while actors fear that CGI might entirely replace their roles.

The hackers mentioned that they chose to leak the data rather than negotiate with Disney. “If we said ‘Hello Disney, we have all your Slack data,’ they would immediately lock down and attempt to neutralize us. In a confrontation, it’s better to act first,” the email stated.

This incident recalls the 2014 Sony Pictures hack, which, linked to North Korea, resulted in an international crisis by exposing company emails, celebrity aliases, social security numbers, and entire movie scripts.