Disney has launched an investigation after a hacker group leaked data allegedly belonging to the entertainment giant.
The hackers, calling themselves NullBulge and claiming to be hacktivists, announced on Friday on a popular hacking forum that they obtained 1.1 Tb of data that allegedly comes from Disney’s internal Slack channels.
The leaked data, which has yet to be verified, allegedly includes messages and files from 10,000 channels. The stolen data is said to include information on unreleased projects, source code, login credentials, and links to internal APIs and web pages.
The hackers suggested that they gained access to the Disney data after compromising an employee’s account.
Disney has yet to respond to SecurityWeek’s inquiry, but the company told CNN that it’s investigating the matter.
The hackers who leaked the data describe themselves as a “hacktivist group protecting artists’ rights and ensuring fair compensation for their work”.
Nullbulge also made the news last month, when it abused an extension for a popular AI tool to steal users’ login credentials.
“If this breach is legitimate, it will be interesting to learn more details about it,” Roger Grimes, data-driven defense evangelist at KnowBe4, told SecurityWeek. “I know many of Disney’s security team members and they care and the company extremely cares about cybersecurity.”
“There are many tens of millions spent a year to protect Mickey’s and Disney’s creative content. Not sure how this happened, but you can be assured this will be addressed at the highest levels and fixed,” Grimes added. “But it’s also a cautionary lesson that even companies with the best cybersecurity can have security incidents, even with great employees and great company support.”
Related: Evolve Bank Data Leaked After LockBit’s ‘Federal Reserve Hack’
Related: New York Times Responds to Source Code Leak
Related: Misconfigured Firebase Instances Expose 125 Million User Records