Disney’s Slack Channels Hacked Due to AI Policy

Disney has fallen victim to a hack of its Slack platform for internal communication. The hacker group NullBulge claims to have dumped 1.1 tebibytes (slightly more than a terabyte) of chat messages and files online. Anger over Disney’s handling of AI is given as the reason.

Data from around ten thousand Slack channels are believed to have fallen into the wrong hands. The leaked data mostly pertains to software projects Disney developed five years ago. Also exposed are unreleased projects, login credentials, raw images, and code. The entertainment group, which owns theme parks, interests in the film industry, streaming services, and the sports channel ESPN, is conducting an investigation.

NullBulge presents itself as a hacktivist group aiming to defend artists against companies that use their work to train AI systems. The Wall Street Journal, which first reported on the hack, cites a spokesperson from the hacker group. They say they targeted Disney “because of the way the company handles artists’ contracts and its approach to AI.”

Video Games
NullBulge has previously spread malicious software by hiding it in free add-ons for video games and AI-driven software for generating images. This tactic is known as a Trojan horse. The group claims to have infiltrated Slack through a computer belonging to a Disney software development manager. The first breach occurred via a video game add-on, and the second was achieved using an undisclosed method.

Until now, Slack was known as a secure environment for team collaboration. The data is encrypted, and organizations can manage their own encryption keys. Numerous measures are also available to prevent unauthorized access to Slack.

Source: Alfred Monterie for Computable.nl