Anti-generative AI hacker group 'Nullbulge' steals huge amounts of data from Disney's internal Slack channel



In July 2024,

Nullbulge , a hacker group critical of generative AI, was reported to have leaked a large amount of data from an internal Slack channel of the Walt Disney Company (Disney), which operates movies and Disneyland. Nullbulge claims that their motivation for hacking Disney was due to Disney's 'way of handling artist contracts, its approach to AI, and its blatant disregard for consumers.'

Internal Disney Communications Leaked Online After Hack - WSJ
https://www.wsj.com/business/media/internal-disney-communications-leaked-online-after-hack-b57baaeb

Disney's internal communications leaked online after hack, WSJ reports | Reuters
https://www.reuters.com/technology/cybersecurity/internal-disney-communications-leaked-online-after-hack-wsj-reports-2024-07-15/

A hacking group reportedly leaked confidential data from thousands of Disney Slack channels.
https://www.engadget.com/a-hacking-group-reportedly-leaked-confidential-data-from-thousands-of-disney-slack-channels-001124844.html

An anonymous hacker group calling itself Nullbulge reported on X (formerly Twitter) in July 2024 that they had leaked 1.1 TiB ( tebibytes ) of data from Disney's internal Slack channels and made it available for anyone to download. Nullbulge claims to have accessed approximately 10,000 Slack channels in order to steal all possible messages and files.



The data reviewed by The Wall Street Journal includes information on maintenance of Disney's corporate website, advertising campaigns, studio technology, software development, evaluations of job candidates, emerging leaders programs within sports channel ESPN , and conversations about photos of employees' dogs, and the data dates back to at least 2019.

However, it was not possible to confirm whether the data actually came from within Disney or the exact scope of the leak. A Disney spokesperson told The Wall Street Journal, 'Disney is investigating this matter.'



Nullbulge is a hacker collective that calls itself a 'hacktivist group that defends artists' rights.' On their website, Nullbulge states, 'Our mission is to enact ways to ensure that theft from artists is reduced and promote a fair and sustainable ecosystem for creators. Our hacks are not malicious, but are intended to punish those who steal. Big theft and small theft meet the same fate. We will work tirelessly to develop and implement solutions that protect the rights and livelihoods of artists in the digital age. So be careful where you get your content from.'

Nullbulge also claims that AI art is harmful to the creative industries, and states on its website that hacking also targets 'any form of theft,' such as the leaking of paid content from artist support platforms like Patreon.

In a message to The Wall Street Journal, Nullbulge explained his reasons for hacking Disney this time were 'because of the way they handle artist contracts, their approach to AI and their blatant disregard for consumers.'

When asked why he decided to release the data immediately without negotiating with Disney, he said, 'If we said, 'Hey Disney, we have all your Slack data,' they would immediately try to lock us down and shut us out. In a duel, it's better to fire first.'



Security researcher Eric Parker believes that Nullbulge is actually a single hacker, not a 'group.' 'They're not hacking for money,' he said. 'I think this is an attention-grabbing operation.'

The Wall Street Journal reported that Nullbulge had previously stolen personal information and credentials of Disney employees and published them online, and that the hackers had previously compromised the computers, first through a video game add-on and then through an undisclosed method, after gaining access to the information through a Disney software development manager.

in Security, Posted by log1h_ik