A hacker group named NullBulge claims to have stolen and leaked 1.2 terabytes of Disney’s internal Slack communications. The data includes discussions about ad campaigns, studio technology, unreleased projects, interview candidates, login credentials and images of employees’ dogs, dating back to 2019.
NullBulge — which targets companies for their handling of artists’ contracts, use of AI and consumer practices — said they leaked the data to protest Disney’s actions in these areas. The group claims they received help from a Disney insider, but this remains unconfirmed. Disney has said it is investigating the matter.
The leaked information was initially posted on BreachForums but has since spread to mirror sites. Security experts, such as Roei Sherman of Mitiga Security, warn that breaches like this are becoming more common, particularly with cloud and SaaS platforms. Sherman noted that the leaked data appears legitimate and includes URLs, employee conversations, credentials and other content.
A spokesperson for NullBulge criticized Disney for how it handles artists’ contracts, its approach to AI and its “blatant disregard for the consumer.” The group’s website describes its mission to protect artists’ rights and ensure fair compensation.