Disney “breached,” data dumped online

A group of cybercriminals going by the handle NullBulge claims to have downloaded the Slack channels used by Disney’s developers.

Tweet by NullBulge

“#DisneySlackLeak

#Disney has had their entire dev slack dumped. 1.1TiB of files and chat messages. Anything we could get our hands on, we downloaded and packaged up. Want to see what goes on behind the doors? go grab it.”

The group says it got a hold of a huge amount of data, including unreleased projects and login info:

“1.2 TB of data, almost10,000 channels, every message and file possible, dumped. Unreleased projects, raw images and code, some logins, links to internal api/web pages, and more! Have fun sifting through it, there is a lot there. We tried to hold off until we got deeper in, but our inside man got cold feet and kicked us out! I thought we had something special {name}! Consider the dropping of literally every bit of personal info you have, from logins to credit cards to SSN, as a warning for people in the future.”

This seems to indicate that the group was helped by an insider, and that it might have obtained even more had that person not backed out of assisting. It’s unlikely that NullBulge had access to customer data through these Slack channels, but it does look as if the group accessed a lot of material that Disney was working on.

Calling itself a hacktivist group that aims for better compensation and protection of artists’ rights, the group then announced the breach on infamous data leak site BreachForums and provided screenshots of its findings.

Post on BreachForums with screenshots
Post by NullBulge on BreachForums

“Hi there folks, it is us again.

Yesterday we leaked some small DB, now we leak the big guns.

1.1TiB of data. almost 10,000 channels, every message and file possible, dumped. Unreleased projects, raw images and code, some logins, links to internal api/web pages, and more! Have fun sifting through it, there is a lot there.

Perfect for gathering intelligence and more.”

The earlier post NullBulge is referring to is a WordPress database dump of the howwelove[.]com domain. We have no idea what the group’s beef with this relationships-focused website is.

Disney is yet to make a comment. We’ll keep this post updated with the latest developments


We don’t just report on threats – we help safeguard your entire digital identity

Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.

https://blog.malwarebytes.com/feed/