In July 2024, The Walt Disney Company faced a cybersecurity breach when over 1TB of sensitive data was stolen from its internal Slack channels. The breach was carried out by the group ‘NullBulge,’ exposing confidential company information, including project details, financial data, and internal communications. The stolen data could be considered personal information under the General Data Protection Regulation (GDPR) if it includes personal employee information or any data that can be linked to identifiable individuals.
Now, Disney has reportedly decided to transition away from Slack, with plans to migrate to a new collaboration platform by the end of its next fiscal quarter. The breach follows a similar incident in June 2024, where 2.5GB of corporate data from Disney’s Confluence server, including information related to the discontinued Club Penguin game, was leaked. Both incidents have raised concerns about the security of communication platforms like Slack and the potential risks they bring to corporate data.
What Was Exposed?
The breach exposed a large amount of sensitive data, including internal messages from nearly 10,000 Slack channels used by Disney employees. The stolen information included unreleased project details, financial reports, login credentials, and links to internal systems such as APIs. This data theft compromised internal communications and proprietary company information, making it one of the biggest data breaches Disney has experienced in recent years. The group responsible for the attack, ‘NullBulge,’ posted the stolen data on hacking forums. This included raw images, source code, and confidential information from ongoing Disney projects. The leak also exposed personal employee details, including phone numbers and other data.
How ‘NullBulge’ Accessed Disney’s Slack
While the technical details of the breach have not been fully disclosed, cybersecurity experts suggest that ‘NullBulge’ likely gained access to Disney’s Slack environment through compromised employee credentials. Similar tactics have been used in previous breaches, such as the ___, where attackers gained login details via social engineering and phishing campaigns.
Another possible attack vector is the exploitation of vulnerabilities within Slack’s platform itself. Platforms like Slack are designed to be accessible and integrated with third-party apps, which can introduce security gaps if not properly secured. Once ‘NullBulge’ gained access to Disney’s Slack, the attackers could have stolen the data over time, unnoticed by the company’s cybersecurity team. In 2023, Activision’s Slack was also breached, resulting in the theft of data related to upcoming game releases. These incidents show that Slack needs stronger internal security measures, as it holds a vast amount of sensitive information.
Moving Away From Slack
Disney has made the decision to move away from Slack as its primary internal communication tool following the breach. In an internal memo obtained by CNBC, Disney’s Chief Financial Officer Hugh Johnston confirmed that most business units will have completed their transition to a new, more secure collaboration platform by the end of the company’s next fiscal quarter. The transition is expected to be fully completed by the second quarter of 2025. Disney has not disclosed which platform it plans to adopt, but speculation points to alternatives such as Microsoft Teams, which offers more advanced security features, including end-to-end encryption.
The Confluence Server Breach
The Slack breach came just one month after a separate data leak involving Disney’s Confluence server in June 2024. In this incident, 2.5GB of corporate data, including information related to the defunct Club Penguin game, was leaked on the 4chan message board. The attackers gained access to the server using previously exposed credentials. While the Club Penguin data was largely outdated, the breach also included corporate strategy documents, internal developer tools, and advertising plans.
Disney’s breach is not the first to display the weaknesses of communication platforms like Slack. In recent years, several high-profile companies have experienced similar breaches, where attackers gained unauthorized access to internal communications. Slack is popular for its ease of use and integration capabilities, yet there is frequent criticism of its lack of end-to-end encryption for stored messages. This makes it an attractive target for cybercriminals who can find weaknesses in login security or third-party app integrations. With the increasing reliance on cloud-based communication tools, securing internal communications has never been more important for large enterprises.
The recent breach of Disney’s Slack system reminds us why securing communication platforms and upgrading cybersecurity is so important. The breach exposed more than 1TB of sensitive information, like project details and employee records.