The Walt Disney Company leaked information earlier this summer, including the passport numbers of cruise workers, revenue generated by Disney+ and Genie+(now Lightning Lane), and guest data.
Nullbulge, a self-described hacktivist group based in Russia that supports artists’ rights, uploaded 1.1 Terabytes of Disney data from the media giant’s internal Slack channel to the internet back in July.
Slack, a business messaging app, is used by many large companies. This is especially true as the work has shifted from hybrid to remote roles after the COVID-19 epidemic. This software is available for both computers and smartphones.
Nullbulge website: “Consider dropping every piece of personal information you have in the future, from logins, credit cards, and SSNs, as a caution for people.”
The group claims that they will only hack “if one of our sins” has been committed, which includes crypto promotion and AI artwork.
A spokesperson previously told The Wall Street Journal that it declined to comment on the “unverified data The Wall Street Journal purportedly acquired as a result of an illegal act by a bad actor.”
The WSJ reported that a spreadsheet of Genie+, a premium park pass introduced in 2021, revealed generating $724 million in pretax revenue at Walt Disney World between October 2021 to June 2024.
Disney+’s streaming app generated $2.4 billion during the first quarter.
The WSJ reports that Slack channels revealed the passport numbers, visa details, and places of birth of Disney employees on the company’s ships, as well as their current assignments.
According to the WSJ, Disney informed investors back in August that the company was investigating the leak. However, the incident did not have a material effect on the company’s operations or financial performance, and it didn’t expect it to.
According to WSJ, Nullbulge gained access to data from a compromised computer belonging to a manager in software development.
“Companies are getting breached all the time, especially data theft from the cloud and software-as-a-service platforms,” Roei Sherman, field CTO at Mitiga Security, told Wired Tech magazine.
