Hackers ‘Publish Walt Disney Internal Slack Data’

Hackers have publicly released large amounts of internal data from The Walt Disney Company’s Slack workplace collaboration system, including conversations related to ad campaigns, studio technology and interview candidates, The Wall Street Journal reported.

Hacking group NullBulge said in a blog post it published data from thousands of Slack channels including computer code and details of unreleased projects, the paper reported.

The group said it had released more than 1 terabyte of Disney confidential data.

The information includes talks on managing Disney’s corporate website, software development and job application evaluations and dates back to at least 2019, the report said.

Internal data

“Disney is investigating this matter,” the company said in a statement.

Slack, owned by cloud app firm Salesforce, is widely used by large corporations for discussions of internal strategy.

The hack comes amidst ongoing fallout from a series of breaches affecting customers of cloud giant Snowflake, which the company has said affected more than 150 of its corporate customers.

AT&T disclosed on Friday that call data on nearly all its customers had been stolen from a Snowflake cloud environment.

In May the company reportedly paid more than $300,000 (£231,000) to a hacker to delete the call records, which were stolen in April.

Ticketmaster, Santander, LendingTree and Advance Auto Parts have all been identified as affected by the Snowflake hacks.

AT&T said it became aware on 19 April that data had been transferred from its Snowflake workspace to that of a third party. It delayed disclosure until Friday at the request of the US Justice Department, the company said.

Hack fallout

The Justice Department said earlier in the day that disclosure of the breach would “pose a substantial risk to national security and public safety”.

The FBI said it was working with AT&T and the Justice Department “through the first and second delay process, all while sharing key threat intelligence to bolster FBI investigative equities and to assist AT&T’s incident response work”.

The data includes records of calls made from 1 May 2022 to 31 October 2022 and was downloaded in April, AT&T said.

Last month the hacking group ShinyHunters, which has taken credit for the Snowflake hacks, said it was selling sensitive informaiton on tens of millions of Santander customers following a hack in May.

In a post on a hacking forum, first noticed by Dark Web Informer, the group said it was selling bank account details for 30 million people, 6 million account numbers and balances, 28 million credit card numbers, and HR information for Santander staff, for an asking price of $2 million (£1.6m).

“Santander is also very welcome if they want to buy this data,” the group wrote in its online advert.