“Hacktivist” group NullBulge didn’t like that Disney uses AI to generate some of its artwork, so it leaked a whopping 1.1 terabytes of data from the entertainment giant’s internal Slack archive in July.
Now, Disney says it’s doing away with Slack.
“I would like to share that senior leadership has made the decision to transition away from Slack across the company,” Hugh Johnston, Disney's chief financial officer, said in an email to staffers on Wednesday, which was obtained by Status. "Our technology teams are now managing the transition off Slack by the end of Q1 FY25 for most businesses.”
Many teams at Disney—which employs about 220,000 people—have already started transitioning to other collaboration tools, according to the memo. By the end of Q1 2025, Disney will have transitioned off Slack, but some “more complex use cases” may not be completed until the end of the subsequent quarter, the memo said.
“At this time, there is no evidence this issue was the result of a vulnerability inherent to Slack," a Slack spokesperson told Fortune. Salesforce did not respond to Fortune's request for comment.
“Data breaches have become disturbingly routine, but Disney's incident is a stark reminder that we've entered a new era of corporate vulnerability,” Ameesh Divatia, CEO of cloud data-protection company Baffle, told Fortune. “This isn't just about leaked customer emails anymore—it's potential corporate espionage on a silver platter. While breaches are common, the scale and nature of this one set it apart.”
Disney also did not respond to Fortune’s request for comment about which platform it intends to transition to early next year or exactly how many of its employees were affected by the breach.
What is NullBulge and how did it hack Disney?
NullBulge, a new hactivist group that emerged earlier this year, stole data that allegedly included every message and file from almost 10,000 internal Disney Slack channels, including unreleased projects, code, images, login information, and links to internal websites. Many of the topics and documents discussed by Disney employees were confidential, according to The Wall Street Journal, which saw leaked files from the company’s Slack.
NullBulge claims its focus is on “protecting artists’ rights and ensuring fair compensation for their work.” This has become an increasingly important—and hot-button issue—in entertainment after back-to-back strikes from workers demanding higher pay and implementing AI-use standards. In June, a union representing Hollywood film and television crews reached a tentative three-year deal with major studios to meet those demands.
However, some cybersecurity experts think the hackers’ intentions are fishy.
“Hacktivists are highly unlikely to run operations of such scale to protect intellectual property and the rights of artists,” Ilia Kolochenko, CEO at ImmuniWeb, told Infosecurity Magazine. Instead, the group was more likely to have wanted to blackmail Disney or censor certain content topics from its library.
It’s hard to say, however, exactly why NullBulge was able to hack Disney’s Slack channels. Possibilities include a misconfiguration of their messaging applications, weak security practices, outdated software, human error, and other vulnerabilities.
“With larger companies, there is a greater risk for human error because you have a larger number of employees who are accessing your company data around the world,” Dan Schiappa, chief product and services officer at cybersecurity company Arctic Wolf, told Fortune. “Each one of these people and their workstations is a new potential risk, making it critical that organizations have full and clear visibility into their IT environment to catch any vulnerabilities or out-of-the-norm behaviors.”
So in the end, it may not completely be Slack’s fault after all, cybersecurity experts say.
“No single platform is impenetrable,” Divatia said. “Trusting your company's secrets to any one system is a recipe for disaster. The focus needs to shift from securing communication channels to protecting the data itself, regardless of where it resides or how it's transmitted. The root of the problem often lies in how data is managed within these platforms, not necessarily the platforms themselves.”
