Disney 1.2 TB Slack Hack: NullBulge Claims Leak is its Own
2024-7-18 01:25:25 Author: securityboulevard.com

A still from the 1928 animated short, “Steamboat Willie”—the first appearance of Mickey Mouse

Hacktivist group wields infostealer Trojan, leaks 1,200 GB of mouse droppings.

NullBulge, a hacktivist group not motivated by money, has attacked Walt Disney Co. With the help of an insider, it claims to have stolen 1.2 TB of data from the Slack instance run by the haus of mouse. This, we’re told, is as a punishment for bad behavior by NYSE:DIS.

That’s a lot of data. In today’s SB Blogwatch, we wonder if all is as it seems.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: We did not start the fire.

Steamboat Bloat

What’s the craic? Waqas Ahmed reports: NullBulge claims to have breached Disney

Disney has stopped paying royalties
The breach … allegedly contains a complete copy of the company’s Slack communications used by their development team including messages, files, and other data exchanged within the Slack workspace. [NullBulge] claim the dump includes “almost 10,000 channels, every message and file possible, unreleased projects, raw images, code, logins, links to internal API/web pages, and more!”

The origins of the NullBulge Group are unknown. However, their official website claims the group aims to protect artists’ rights and ensure fair compensation for their work. … Prominent figures like Neil Gaiman [and] Alan Dean Foster … have highlighted that Disney has stopped paying royalties to some writers and artists for works that include novelizations and graphic novels of Disney-owned properties … such as “Star Wars” and “Alien,” … after Disney acquired the respective franchises.

And then, the other shoe. Paul McNally and Sam Shedden pick it up: Disney hackers hang “inside man” out to dry

Going to be a rough few weeks
Lie with dogs and you will wake up with fleas. The old proverb still rings true to this day and a Disney employee today will allegedly be waking up to a cold chill and a morning of internal meetings after being outed as “the inside man” in the Disney hack.

The alleged inside man … was named in an intimidating warning to others not to cross the group. … He has been at the company for almost nine years and lives in Los Angeles.

Disney is yet to comment but … we can be sure Disney’s not exactly unsubstantial legal team will be gearing up as you read this. … This is going to be a rough few weeks.

And then, NullBulge followed through on the threat. So says Lily Hay Newman:

Doxxed the individual
In addition to the alleged Slack data, NullBulge also posted what appears to be detailed information about the individual who was seemingly providing the insider access and data. The leak includes medical records and other personally identifying information, plus the alleged contents of the alleged Disney employee’s 1Password password manager.

NullBulge seemingly doxxed the individual in retaliation for cutting off communication and access. … A person with that name who lists Disney as their current employer did not return [my] request for comment. Disney did not confirm the breach or return multiple requests for comment.

What’s the lesson? SoftTalker talks tough:

Again highlighting the unrecognized liability companies are taking on by logging every scrap of internal communication, no matter how informal or ill-conceived it may be. … At least today, conversations at the water cooler or in the lunchroom are not required to be recorded.

However, Flamecation21 dismisses it as mere “vacation planning webpages:”

A terabyte of unsorted, unlabeled, website grabs and scrapcode pages isn’t worth looking through.

It might not be all it’s cracked up to be, thinks linuxdude314, who claims to be ex-Disney IT:

I find it highly unlikely this leak is what it is claimed to be. Disney doesn’t just use one Slack instance across the whole company and everyone knows to not put pre-release content on … public platforms. Maybe they compromised an instance owned by DTSS (Disney’s centralized IT entity), but this would have little to do with Disney Studios like they imply.

Still, hacktivists gonna hack. HollowedLeaf waxes unsympathetic:

Their stated reason … is pretty clearly a sham. This doesn’t do anything to further artists’ rights. I don’t know why these guys are trying to claim some sort of moral superiority when it’s obvious they’re just pulling off hacks for clout.

Is that really the reason why? Petersko doesn’t care:

Who cares why? … How will that change things? These folks hacked Disney because they could. Why they feel the need to wrap some tenuous justification around it is beyond me.

Meanwhile, WonkoTheSane waves both hands in the air:

On the one hand stealing data is probably wrong. But on the other, **** giant corporations.

And Finally:

Perspective is all



You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites—so you don’t have to. Hate mail may be directed to @RiCHi, @richij, @[email protected], @richi.bsky.social or [email protected]. Ask your doctor before reading. Your mileage may vary. Past performance is no guarantee of future results. Do not stare into laser with remaining eye. E&OE. 30.

Image sauce: The Walt Disney Company, née Disney Brothers Cartoon Studio (public domain—so suck it, Disney lawyers)

Article source: https://securityboulevard.com/2024/07/disney-nullbulge-slack-hack-richixbw/