According to HackRead, a hacker group named NullBulge claims to have breached Disney, leaking 1.1 TiB (1.2 TB) of data, including messages, files, and other data exchanged within Disney’s Slack workspace.
NullBulge Claims to Leak Extensive Disney Slack Data
The NullBulge hackers announced the Disney breach on the notorious cybercrime and hacker platform Breach Forums, further claiming that the leaked data includes:
• Nearly 10,000 channels
• All possible messages and files
• Unreleased projects
• Raw images
• Code
• Logins
• Internal API/web links, etc.
Additionally, NullBulge announced the hack on X, stating that the entire Disney development Slack had been dumped, amounting to 1.1 TiB of files and chat information.
NullBulge Suspected to Be Linked to LockBit Ransomware Group
There are rumors that NullBulge might be associated with the LockBit ransomware group, as NullBulge has been using a generator leaked by LockBit.
Ongoing Data Breaches
While the breach and data leak at Disney are unconfirmed, several data breaches have occurred in recent months, including:
• In July 2024, AT&T announced that hackers had stolen call records and text messages of “almost all” customers, affecting over 110 million Americans.
• In July 2024, the Ticketmaster platform was hacked, leaking 10 million barcodes related to Taylor Swift’s Era tour and demanding a ransom of $8 million.
• In early 2024, Evolve Bank & Trust, a banking-as-a-service company, experienced a cyberattack, leaking data of 7.6 million customers, including names, social security numbers, bank account details, and contact information.
These incidents highlight the severe data security landscape, with large platforms being particularly vulnerable to attacks. There is a pressing need to strengthen data protection measures and combat malicious activities like hacking and ransomware to safeguard data security and uphold corporate and personal rights.
How to Prevent Data Breaches
In compliance with relevant laws and regulations such as the Cybersecurity Law, Data Security Law, Personal Information Protection Law, and the Regulations on the Security Protection of Critical Information Infrastructure, and to address the growing threats to network data security, it is recommended that companies regulate data processing behaviors and enhance data security measures by:
• Deploying firewalls, intrusion detection systems, antivirus software, and other network security protection software to prevent unauthorized users from infiltrating systems and spreading malware.
• Establishing strict access control mechanisms, setting exclusive access permissions in systems to prevent sensitive data from being accessed by unauthorized personnel.
• Deploying SSL certificates for websites to enable HTTPS encryption, preventing data transmission leaks or tampering, and ensuring data transmission security.
• Deploying S/MIME email security certificates for email clients to encrypt email contents, preventing email phishing, tampering, and leaks.
• Deploying code-signing certificates for software programs to prevent malicious code tampering and ensure code integrity.
• Regularly backing up important data to restore it promptly in case of data loss or damage, ensuring business continuity.
• Providing regular data security training for employees to raise awareness of data protection.
These steps can help mitigate the risk of data breaches and reinforce the overall security posture of enterprises.