With a hacker collective called Nullbulge claiming credit for the leak, Disney is the most recent big business to have a data breach of note. According to the group, it made available around 10,000 channels’ worth of internal Slack information. A Disney internal communications breach was indicated by an X account linked to Nullbulge that had been alerting Disney to the upcoming release for the previous few weeks.
The leaked data reportedly includes messages, files, code, and other sensitive information from Disney’s internal Slack channels. Nullbulge, in a blog post, detailed that the leaked information could provide insights into Disney’s planned projects, some login information, and more, all extracted from the company’s Slack messaging system. The group claimed to have accessed nearly 10,000 channels to dump “every message and file possible.” While Business Insider could not independently verify the size of the hack, the extent of the data breach appears substantial.
Nullbulge, which remains anonymous, described its mission as advocating for artist rights. According to The Wall Street Journal, the group targeted Disney due to dissatisfaction with the company’s artist contracts, its approach to artificial intelligence (AI), and what they described as a “blatant disregard for the consumer.” These grievances underscore a broader tension between creative professionals and large corporations, especially regarding the use of AI.
For weeks, the X account @NullBulgeGroup had been posting about their access to Disney’s Slack. One notable post from July 4th appeared to show a dashboard with daily attendance figures for Disneyland Paris, hinting at the depth of their access to Disney’s internal data.
Disney has acknowledged the breach and is investigating the matter. A spokesperson for the company emphasized that they are taking the situation seriously and are working to understand the full scope of the breach and its implications. This incident places Disney among other major corporations recently affected by significant data breaches. Just a few days prior, AT&T reported that hackers had stolen “nearly all” of its customers’ call and text records.
The motivations behind Nullbulge’s actions are rooted in the ongoing debate over the use of generative AI and the rights of artists. For more than a year, tensions have been escalating between tech companies that develop and deploy AI technologies and members of the creative community. Artists have accused corporations of using their work to train AI models without proper consent or compensation, a practice they see as exploitative.
Generative AI refers to algorithms that can create new content, such as images, music, or text, based on the data they are trained on. While this technology offers innovative possibilities, it also raises ethical and economic concerns. Artists argue that their original works are being used without permission to feed these AI systems, which can then produce new content that potentially competes with human-created art, often without credit or financial benefit to the original creators.
Nullbulge’s spokesperson provided insight into their strategy, explaining why the group chose to release the data before alerting Disney. They suggested that if they had approached Disney with the information beforehand, the company would have likely taken immediate steps to lock down their systems and neutralize the threat. By releasing the data first, Nullbulge aimed to ensure their actions had maximum impact.
The Disney breach, along with other recent high-profile data leaks, underscores the critical importance of robust cybersecurity measures. For large corporations, protecting sensitive information is paramount, not only to safeguard intellectual property but also to maintain trust with employees, partners, and customers.
It could be necessary for businesses to address the underlying problems that attract hacktivist groups in addition to fortifying cybersecurity protocols. This entails using AI technologies responsibly and following fair and open procedures with artist contracts. In order to promote a more equal connection between technology businesses and the creative community, it will be imperative to strike a balance between innovation and ethical responsibility as AI develops.
Further information regarding Nullbulge’s techniques and the particular data that was compromised is probably going to become available as the Disney breach investigation continues. People in the public and industry watchers alike will be intently observing how Disney handles the larger issues brought up by the hacktivist group as well as its response to this incident.
If you like the article please follow on THE UBJ.