- Nullbulge presents itself as a “hacktivist group” with purported noble intentions of safeguarding artists’ rights and advocating for equitable compensation in the creative industry.
- Rationale for targeting Disney reportedly stems from grievances related to the company’s treatment of artist contracts, its utilisation of artificial intelligence technologies, and its perceived lack of regard for consumer interests.
The recent claim made by a hacker group, known as Nullbulge, asserting that they have stolen 1.2TB of internal data from Disney’s Slack channels has sparked significant concern and scrutiny regarding the security practices and vulnerabilities within the entertainment industry giant.
The purported breach, if verified, could potentially have far-reaching implications for Disney, given the sensitive nature of the information allegedly compromised, ranging from details about upcoming projects and ad campaigns to internal logins and more.
In response to these allegations, Disney has confirmed that it is actively investigating the situation, as indicated by a statement from a company spokesperson to The Hollywood Reporter.
The hacker group has boldly proclaimed its infiltration of Disney’s internal communications on various online platforms.
Purported details surface online
In a blog post, Nullbulge boasted about the extensive scope of the data they claim to have obtained, boasting that it encompasses a vast array of content from a reported 10,000 Slack channels within the company.
They assert that the stolen data includes a wealth of unreleased projects, raw media files, code snippets, user credentials, internal links, and more. The dissemination of snippets from this trove of information has already commenced, with purported details surfacing online regarding potential projects like a sequel to Aliens Fireteam Elite and a collaboration between Fortnite and Disney.
Nullbulge presents itself as a “hacktivist group” with purported noble intentions of safeguarding artists’ rights and advocating for equitable compensation in the creative industry. Their rationale for targeting Disney reportedly stems from grievances related to the company’s treatment of artist contracts, its utilisation of artificial intelligence technologies, and its perceived lack of regard for consumer interests.
Digital assets under threat
Furthermore, Nullbulge justified its decision to release the pilfered data publicly without extortion or coercion, citing concerns that Disney would swiftly enhance its security measures if forewarned about the data breach.
If the authenticity of the claimed data breach is established, Disney would join a growing list of prominent corporations that have fallen prey to cyberattacks in recent times.
The incident involving Insomniac Games, where undisclosed projects and internal data were exposed online following a ransomware attack after Sony’s noncompliance with demands, serves as a reminder of the pervasive threat posed by malicious actors targeting sensitive commercial information.
Similarly, the unauthorised leaking of in-progress Grand Theft Auto 6 materials via Rockstar Games’ internal systems by an individual hacker underscores the persistent challenges faced by entertainment companies in safeguarding their digital assets.
The entertainment industry, encompassing film and television sectors, has witnessed sporadic yet impactful instances of cyber intrusions, notably exemplified by the high-profile breach at Sony Pictures Entertainment in 2014 that reverberated throughout the industry.
Companies within the entertainment ecosystem, including Roku, Ticketmaster, and AT&T, have also encountered cyberattacks in recent times, highlighting the elevated vulnerability of organisations within this dynamic and digitised domain.