Walt Disney Internal Slack Channels Compromised by Hacker Group NullBulge

Disney Slack hacked by hacker group NullBulge

In a stunning cyberattack, reminiscent of the 2014 Sony Pictures breach, Disney has been hit by a major hack. This attack, carried out by the well-known hacker group NullBulge, has exposed huge amounts of Disney’s internal communications and sensitive data. The breach specifically targeted Disney’s Slack channels, resulting in the unauthorized release of roughly 1.2 terabytes of data.

The infiltrated data encompasses nearly 10,000 channels, encompassing every message, file, and conversation possible. NullBulge declared on X, formerly Twitter, “1.2 TB of data, almost 10,000 channels, every message and file possible, dumped. Unreleased projects, raw images and code, some logins, links to internal api/web pages, and more! Have fun sifting through it, there is a lot there. We tried to hold off until we got deeper in, but our inside man got cold feet and kicked us out! I thought we had something special {name}! Consider the dropping of literally every bit of personal info you have, from logins to credit cards to SSN, as a warning for people in the future.”

NullBulge Group Disney Slack Hack

This attack highlights the vulnerability of corporate communication platforms such as Slack. The leaked data was comprised of many elements, ranging from unreleased projects to raw images and internal codes – all of which could be disruptive in relation to Disney’s future operations. It could be argued that the more costly element of the leak was the exposure of sensitive login details and internal APIs, further exposing Disney’s cybersecurity infrastructure.

Disney were quick to respond to the hack, announcing that they had quickly launched a thorough investigation to uncover the true cost of the breach. Disney themselves have admitted to the breach and announced that they are taking steps to prevent a repeat of this in the future.

It is worthwhile stepping back and assessing the wider picture when it comes to data breaches. It is often only when newsworthy corporations such as Disney are compromised that discussions around cybersecurity are truly brought to the fore. However, these attacks happen on a daily basis and businesses of all sizes are targeted. In 2023, the average cost of a data breach in the U.S. was an astonishing $9.48 million, while globally it was $4.45 million. It is not just the financial consequences of such breaches that are harmful to a business, but also the reputational damage that they cause. Numbers such as these serve to highlight the importance of a robust, all-encompassing cybersecurity strategy. At the forefront of this should be a comprehensive, business-wide antivirus software that is easily manageable through a single site license, such as SUPERAntiSpyware’s business antivirus software offering.

Update your firmware to avoid the KRACK WPA2 vulnerability!

KRACK

Security researchers have discovered a vulnerability in the WPA2 wireless protocol. The exploit is called KRACK, short for Key Reinstallation Attacks that can allow hackers to snoop on WiFi connections and inject data into WiFi streams to do things such as install malware and other rogue actions such as steal passwords, emails, and other data.

Microsoft issued an update during last week’s October patch release that fixes the problem on Windows OS, if you have not updated your Windows installation it is recommended you do so immediately. Microsoft has stated that even when the vulnerability is patched within Windows, router firmware and Wifi drivers installed or connected to Windows machines that have not been updated can still be affected. To fully protect yourself, Windows users should also install patched WiFi drivers and router firmware if available, in addition to the patch Microsoft released for Windows.

Tax Season is here – Watch out for Identity Stealing Spyware!

Taxes The Season is Here !

Keep your personal information safe this tax season by doing a Free scan with SUPERAntiSpyware Free Edition

We want to remind everyone that tax season is the time of increased attacks in the forms of spyware, various methods of phishing , and scams. Spyware and Malware authors significantly increase their activity during the tax season in order to try to steal data and withdraw money from bank accounts, steal credit cards, passwords, and other malicious acts.

Watch out for Identity Stealing Spyware!

During this tax season its important to do a few things to help protect yourself online:

1) Make sure your Operating System and software applications such as web browsers and email clients are up to date.

2) Run a Complete Scan with SUPERAntiSpyware regularly with the latest updates, at least twice a week during this period of increased activity.

3) Be cautious before visiting strange websites, or opening strange email attachments. Think before you click!

4) Manually erase, or use privacy software, to delete sensitive data from you PC. Spyware cannot steal what isn’t there!

5) Lookout for spam phishing email impersonating government, bank, or tax company officials asking for sensitive information.

Do you have any security recommendations that help you stay safe during the tax season? Feel free to leave a comment below!

SUPERAntiSpyware Team