Hackers now target Disney: Data breaches hit major companies

Disney has recently experienced a major cyber attack by the hacker group NullBulge, resulting in a significant data breach involving 1.1TB of sensitive information.

The group accessed Disney’s internal Slack channels, compromising unreleased projects, concept art, login details and personal information.

NullBulge announced the breach on social media, stating, “Disney has had their entire dev slack dumped. 1.1TiB of files and chat messages. Anything we could get our hands on, we downloaded and packaged up.”

#DisneySlackLeak#Disney has had their entire dev slack dumped. 1.1TiB of files and chat messages. Anything we could get our hands on, we downloaded and packaged up. Want to see what goes on behind the doors? go grab it.https://t.co/saVx4lxgsy pic.twitter.com/FitM8hmOEE

— NullBulge (@NullBulgeGroup) July 12, 2024

The hackers posted a screenshot of the stolen data to validate their claims. Despite the seriousness of the situation, Disney has not yet issued a public statement regarding the extent of the data leak.

This lack of response leaves many questions about the security of Disney’s internal communications and the potential consequences of this incident.

Who is NullBulge, the group that hacked Disney?

NullBulge describes itself as a “hacktivist” group focused on protecting artists’ rights and ensuring fair compensation. Their website outlines their missions, such as monitoring and reporting art theft incidents, advocating for fair compensation models, and taking action against those they consider thieves.

The group has previously targeted companies like KlapAI, reflecting their commitment to these causes. Although NullBulge has not explicitly stated its reasons for targeting Disney, the entertainment giant’s recent controversies over royalty payments may provide some context.

Why does Disney face significant criticism, legal challenges?

Disney has faced significant criticism and legal challenges regarding its treatment of writers and artists. Notable figures like Neil Gaiman and Alan Dean Foster have spoken out against the company’s practices.

Gaiman criticized Disney’s decision to cease royalty payments for novelizations and graphic novels based on Disney-owned properties, affecting creators working on massive franchises such as “Star Wars” and “Alien.”

Alan Dean Foster revealed he had not received royalties for his “Star Wars” and “Alien” novels after Disney acquired them. Given NullBulge’s focus on artists’ rights, these ongoing disputes could motivate the attack.

Security breaching incidents in gaming industry

This incident is not isolated within the gaming and entertainment industries. Similar breaches have occurred with other major companies.

In late 2022, Rockstar Games suffered a breach via Slack, leading to the leak of 90 videos of GTA 6. Insomniac Games also experienced a significant data breach in late 2023, resulting in over one million files being compromised.

As more details emerge, particularly concerning the unreleased projects and internal data now exposed, Disney’s legal team is likely preparing to address the ramifications of this breach, both internally and externally.

NullBulge’s website is currently offline, preventing access to the leaked data. However, the initial leaks have already begun to surface online, including details of an upcoming game, “Aliens Fireteam Elite 2.”

Other major companies that got hacked recently

1. Snowflake hack: A wave of leaks

The cloud storage company Snowflake experienced a massive breach, resulting in the compromise of numerous customer databases in May 2024. This attack led to subsequent breaches at multiple other companies, including Ticketmaster and Santander.

The hacker group ShinyHunters claimed responsibility, exploiting single-factor authentication vulnerabilities at Snowflake. This breach highlighted the importance of multi-factor authentication (MFA) and robust security protocols to protect sensitive data​.

2. Ticketmaster data breach: Half a billion customers affected

Ticketmaster faced a significant data leak also in May 2024, with over half a billion customers’ information exposed on the dark web. The leaked data included full names, addresses, phone numbers, email addresses, and order history.

Ticketmaster’s parent company, Live Nation, confirmed the breach and stated they are cooperating with law enforcement to mitigate the risks and protect their users​.

3. AT&T: Massive customer data leak in 2024

In April 2024, AT&T informed approximately 73 million customers that their personal details had been compromised and posted on the dark web. The leaked data included Social Security numbers, customer passcodes, and potentially names, addresses, and dates of birth.

This breach originated from a hack initially occurring in 2019 but only came to light recently. AT&T is currently facing multiple class action lawsuits because of this breach.

4. UK Ministry of Defense’s payroll system breached in 2024

The payroll system of the U.K. Ministry of Defense was hacked, exposing the personal data of nearly 270,000 current and former staff. The compromised information included identities, bank details, and, in some cases, national insurance details and addresses.

The breach targeted SSCL, the private contractor managing the payroll system. Although the U.K. government has not named the country responsible, there are suspicions of Chinese involvement​.

5. NHS Scotland: Sensitive patient data exposed

In March 2024, NHS Scotland’s Dumfries and Galloway health board experienced a ransomware attack by the Inc Ransomware Group. The hackers published sensitive healthcare-related data, including clinical information and financial data on staff, on the dark web.

The National Cyber Security Centre (NCSC) is working to mitigate the impact of this significant data breach​.

6. American Express: Third-party processor breach

American Express notified its customers of a potential data breach involving a third-party merchant processor in March 2024. The unauthorized access compromised the names, account numbers, and card details of numerous customers.

American Express has urged users to monitor their accounts for fraudulent activity and enable real-time notifications for unusual transactions​.

7. Bank of America: Third-party breach

In February 2024, Bank of America informed its customers of a significant data breach resulting from a cyberattack on Infosys McCamish Systems, a subsidiary of Infosys.

The breach compromised sensitive information, including names, Social Security numbers, and account details of over 57,000 individuals. The incident underscores the vulnerabilities that financial institutions face because of interconnected service ecosystems​.

8. Change Healthcare: Ransomware attack disrupts services

Change Healthcare, a major operator of health payment processing in the U.S. suffered an extensive ransomware attack in February 2024. The attack led to significant disruptions in healthcare services and the potential exposure of 6 TB of sensitive data.

The hacker group BlackCat claimed responsibility, and reports suggest that a ransom of $22 million was paid. The incident is under federal scrutiny, with investigations into the company’s cybersecurity measures.​

9. Genetic testing company 23andMe suffers data breach

Genetic testing company 23andMe announced that hackers had obtained data on 4 million users in October 2023. The attack utilized credential stuffing, leveraging data from previous breaches to gain access to user accounts.

The compromised data included display names, birth years, and some genetic ancestry results. 23andMe has urged users to reset their passwords and enable multi-factor authentication​.

10. Sony: Employee data compromised

In early October 2023, Sony notified nearly 7,000 current and former employees that their data had been compromised in a breach linked to the MOVEit attacks.

This incident primarily affected employee data, including emails, phone numbers, and salaries. Sony promptly addressed the breach and secured its systems, although no customer data was implicated​.

The recent cyber attack on Disney by the hacker group NullBulge has brought to light significant vulnerabilities in corporate communication platforms like Slack.

With 1.1TB of sensitive information compromised, including unreleased projects and personal details, this incident points to the critical importance of robust cybersecurity measures.