Walt Disney Co. has fallen victim to a massive data breach inflicted by hacktivists and motivated by AI-related reasons.
As first reported by the WSJ, the hacker group called NullBulge allegedly obtained and leaked over one terabyte of data from Disney’s internal Slack channels.
According to the hackers, who describe themselves as “hacktivists,” the leaked data includes sensitive data ranging from traffic and revenue data for Disneyland Paris to unreleased projects and images.
NullBulge claims its actions are motivated by a desire to “protect artists’ rights and ensure fair compensation for their work,” its website stating, “We believe AI-generated artwork harms the creative industry and should be discouraged.”
In an email to Variety, the hackers stated, “Disney was our target due to how it handles artist contracts, its approach to AI, and it’s pretty blatant disregard for the consumer.”
Last year, at least 11 AI-related jobs were posted at Disney. A company insider said, “Legacy media companies like Disney must either figure out AI or risk obsolescence.”
Tensions between content creators and major corporations are growing outside of Disney, too.
In 2023, thousands of authors, including Neil Gaiman and George R.R. Martin, signed an open letter to AI companies regarding the unauthorized use of their work to train AI models.
Getty Images filed a lawsuit against Stability AI, alleging the illegal scraping and use of their copyrighted images for AI training.
That was just the beginning. Now, the floodgates are open, and there are tens – possibly even hundreds – of unsolved lawsuits targeting AI companies.
High-profile plaintiffs include the New York Times and, most recently, record labels Universal Music Group, Sony Music, and Warner Records.
What we know about the Disney breach
The breach reportedly occurred through a compromised Slack account, with the hackers claiming they gained access via “a man with Slack access who had cookies.”
Cybersecurity experts have speculated that the breach may have been enacted through exploiting stolen or leaked API keys.
Rahul Sasi, CEO of CloudSEK, told CISO online, “Developers often integrate Slack into their automation tools, and in the process, sometimes accidentally leak these keys on code-sharing sites like GitHub or API platforms like Postman.”
Disney acknowledged the breach and stated that it’s “investigating this matter.”
The full extent of the data leak and its potential implications for the company’s operations and future projects remain ambiguous.
Cyber attacks are worrying tech companies
Just last week, it came to light that back in 2023, OpenAI suffered a data breach that exposed internal discussions about the company’s latest AI technologies.
Like the Disney incident, it involved a hacker accessing OpenAI’s internal messaging systems.
OpenAI’s handling of the breach was criticized after former technical program manager Leopold Aschenbrenner raised concerns about the company’s security practices.
Aschenbrenner claimed he was fired for leaking information outside the company and argued that OpenAI wasn’t doing enough to prevent foreign governments from stealing its secrets.
These events are a wake-up call for the industry – both that hacktivists have an agenda against tech companies and that their defense systems aren’t always ironclad.
© Copyright - 2023- 2025. All Rights Reserved.