Disney suffers massive internal communications data leak after cyberattack

Walt Disney’s internal communications on Slack have been leaked online, exposing sensitive details about ad campaigns, studio technology, and interview candidates, according to a Wall Street Journal report.

The hacker group NullBulge claimed responsibility, stating in a blog post that they had released over one terabyte of data from Disney’s Slack channels, which include computer code and information on unreleased projects.

The leaked data spans back to at least 2019 and covers discussions on managing Disney’s corporate website, software development, and job applicant evaluations, WSJ said.

Speculations on the method

Cybersecurity experts pointed out that in recent incidents, hackers have breached Slack accounts by exploiting stolen or leaked API keys.

“Developers often integrate Slack into their automation tools, and in the process, sometimes accidentally leak these keys on code-sharing sites like GitHub or API platforms like Postman,” said Rahul Sasi, CEO of CloudSEK. “For example, in the Disney leak, hackers gained access to public chat rooms. This occurred because Slack API keys, by default, typically have access to public Slack rooms.”

Others added that while it’s too early to comment definitively on the cause of such a massive breach, common factors like weak passwords, phishing, and social engineering might not have compromised multiple Slack channels.

“The most likely cause could be security misconfigurations or weaknesses in the various third-party integrations that Slack allows for functionality extension,” said Chandrasekhar Bilugu, CTO of SureShield. “Whatever the reason, the attackers seem to have exploited the vast amount of data stored indefinitely by Slack’s Data Storage and Retention policy.”

Mitigation strategies in the spotlight

The incident highlights the need for stronger security in workplace collaboration tools and better monitoring and threat detection technologies to prevent extensive data breaches.

“There are behavioral analytics tools that can be employed that enable organizations to establish baseline patterns of user and system behavior,” Bilugu said. “With continuous monitoring, deviations from normal activities can be flagged and detect potential data exfiltration and unauthorized access to sensitive information.

Companies can leverage DLP (Data Loss Prevention) solutions to prevent the unauthorized transfer of sensitive data outside the corporate network.”

These solutions employ content inspection and contextual analysis to identify, monitor, and protect sensitive data, including encryption and policy enforcement. 

“With the increasing adoption of cloud environments, organizations should consider advanced cloud security monitoring solutions that provide visibility into cloud-based infrastructure, applications, and data,” Bilugu added. “These tools offer real-time monitoring and threat detection tailored for cloud environments and can help identify potential data breaches and exfiltration in cloud-based systems.”

More security news:

• Google eyes security startup Wiz for $23B in its largest-ever acquisition
• AT&T confirms arrest in data breach of more than 110 million customers
• Kaspersky Lab shuts down US operations in wake of national security ban