Disney’s Slack Data Breach Sparks Major Shift in Communications Strategy
The Walt Disney Company, a global entertainment giant, is reportedly severing ties with workplace communications platform Slack. This decision comes in the wake of a significant data breach earlier this year that exposed over a terabyte of sensitive company information, raising serious concerns about Disney’s cybersecurity posture.
The Slack Data Breach was orchestrated by the hacktivist group “NullBulge” in June 2024. The group claimed responsibility for the breach, stating that they had access to Disney’s unannounced projects, raw images and code, login credentials, internal API and webpages, and other miscellaneous data. The leaked data encompassed over 44 million messages from Disney’s Slack workplace communications tool.
Source: X
Cybersecurity Concerns Drive Disney’s Decision to Ditch Slack
According to Status News, Disney’s Chief Financial Officer (CFO), Hugh Johnston, confirmed that most of the entertainment giant’s divisions will stop using Slack by the end of Q1 FY25.
Johnston shared an email with staffers on Wednesday, stating, “I would like to share that senior leadership has made the decision to transition away from Slack across the company.”
“Our technology teams are now managing the transition off Slack by the end of Q1 FY25 for most businesses,” he added. Johnston acknowledged that some “more complex use cases” will require additional time to transition off Slack, but the entire migration from the messaging application should be completed during the second quarter of 2025.
The report also mentioned that many teams at Disney have already started transitioning to other streamlined enterprise-wide collaboration tools, though the specifics of the new system remain unclear. Some of the potential replacements for Slack include Microsoft Teams, Google Chat, Webex Suite, Workplace, Mattermost, RingEX, Filestage, and Symphony.
The Slack Data Breach and its Impact on Disney
The slack data breach exposed a wealth of sensitive information, including:
- Details of Disney’s unannounced projects
- Raw images and code
- Login credentials
- Internal API and webpages
- Miscellaneous data
- Slack chat contents, including files, screenshots, employee pictures, and phone numbers
The attackers claimed that they had an inside man at Disney who assisted them in the data leak. However, they also claimed that this collaborator refused to provide them with more data after initially helping them gain access.
“We tried to hold off until we got deeper in, but our inside man got cold feet and kicked us out!” the attackers wrote in their blog post.
The slack data breach also revealed that Disney was working on a sequel to the 2021 game Aliens: Fireteam Elite, codenamed Project Macondo, scheduled for release in Q3 2025.
The Slack Data Breach Highlights the Growing Cybersecurity Threat Landscape
Disney is not the first company to fall victim to slack data breaches. In 2023, a threat actor gained access to Slack channels at MGM Resorts and used the platform to initiate a malware attack, spying on employees and obtaining additional data. In December 2022, video game publishing company Activision was also hacked, with attackers gaining access to the company’s Slack and game release schedule.
The slack data breach at Disney serves as a stark reminder of the ever-evolving cyber threat landscape. It underscores the importance of vetting and continuously monitoring third-party vendors, understanding their cybersecurity practices, and ensuring they meet the organization’s security standards.
Key Takeaways from the Disney Slack Data Breach
- Cybersecurity is a critical concern for all organizations. The slack data breach at Disney highlights the importance of robust cybersecurity measures, including strong access controls, data encryption, and regular security audits.
- Third-party vendors pose a significant cybersecurity risk. Organizations must carefully vet and monitor their third-party vendors, ensuring they meet the organization’s security standards.
- Employees are a crucial part of cybersecurity. Organizations must educate employees about cybersecurity threats and best practices to minimize the risk of insider threats.