It was to be expected that Disney would take action to secure its system after a hacktivist group stole over one terabyte of data from the company’s internal messaging channels. And the firm is doing just that by ditching Slack.
Back in July, the attacker group NullBulge said it didn’t like that Disney used artificial intelligence to generate some of its artwork and leaked a whopping 1.1TB of data from the entertainment giant’s internal Slack archive.
The attackers’ blog post alleged that the heist was possible due to an insider collaborator. The cybercriminals claimed they couldn’t get more data because “our inside man got cold feet and kicked us out!”
Now, more than two months later, Disney is doing away with Slack and reorganizing the way its employees communicate across the Bob Iger-led company.
“I would like to share that senior leadership has made the decision to transition away from Slack across the company,” Hugh Johnston, Disney’s chief financial officer, said in an email to staffers on Wednesday, which was obtained by Status.
“Our technology teams are now managing the transition off Slack by the end of Q1 FY25 for most businesses.”
According to Johnston, the entire migration from the messaging application should be completed during the second quarter of 2025 because some cases require extra time to transition off Slack.
In July, the attackers bragged on a popular data leak forum that the stolen data included unreleased projects, raw images and code, some login details, links to internal web pages, and other information.
Internal chat leaks pose severe risks to exposed companies, as messages provide malicious actors with the means to compromise sensitive information, conduct unauthorized access, and potentially exploit confidential company resources.
This particular dataset could serve as a goldmine for cybercriminals. For example, ransomware gangs often target victims who have the biggest potential to allow for supply-chain attacks, and exposed company secrets could facilitate attackers penetrating deep inside the company.
Lou Steinberg, founder and managing partner at CTM Insights, a cybersecurity research lab and incubator, told Cybernews he wasn’t surprised that the hacktivists targeted a large and well-known company – but Disney should have done better.
“Large companies can better protect internal communications by asking what types of threat actors care about them and their industry and align their defenses accordingly,” said Steinberg.
In this case, the threat actor was seemingly helped by a Disney employee. According to Steinberg, Disney should have seen someone downloading that much data from its Slack channels.
“Using behavioral analysis, they might have noticed that a user who doesn't normally download a lot is suddenly grabbing copies of everything in sight. That should have been detected and stopped in real-time,” said Steinberg.
In the past, attackers have taunted companies after breaching their internal Slack channels. The hackers of MGM and Caesars, for example, used the companies’ messaging platforms to monitor employee activity and gather additional information.
Last year, video game publisher Activision also suffered a data breach, with threat actors accessing its corporate Slack environment and game release calendar.
Your email address will not be published. Required fields are markedmarked