Information leaked from the Walt Disney Company earlier this summer includes passport numbers of cruise line workers, revenue generated from Disney+ and Genie+ (now Lightning Lane) and guest data.
Back in July, Nullbulge – a self-proclaimed Russia-based hacktivist group that advocates for artists’ rights – uploaded 1.1 terabyte of Disney data to the internet from the media giant’s internal Slack channels.
Slack is a messaging app for business used by many major companies, especially as work shifted to hybrid and remote roles following the COVID-19 pandemic. The software can be used on computers and smartphones.
“Consider the dropping of literally every bit of personal info you have, from logins to credit cards to SSN, as a warning for people in the future,” Nullbulge’s website says about the Disney leak.
DISNEY REVERSES COURSE CITING ‘UNIQUE CIRCUMSTANCES,’ WAIVES RIGHT TO ARBITRATION IN WIDOWER’S LAWSUIT
The hacktivist group says they only hack “if you have committed one of our sins,” which it lists as crypto promotion, AI artwork and any form of theft.
Ticker | Security | Last | Change | Change % |
---|---|---|---|---|
DIS | THE WALT DISNEY CO. | 89.25 | +0.12 | +0.13% |
CRM | SALESFORCE INC. | 246.13 | -1.55 | -0.63% |
Disney did not immediately respond to a FOX Business request for comment, but a spokesman previously told The Wall Street Journal it declines to comment on “unverified information The Wall Street Journal has purportedly obtained as a result of a bad actor’s illegal activity.”
DISNEY REVEALS NEW RIDES, ATTRACTIONS FOR PARKS DURING MAJOR FAN EVENT
A spreadsheet about Genie+, the premium park pass launched in 2021, showed generation of $724 million in pretax revenue between October 2021 and June 2024 at Walt Disney World alone, the WSJ reported.
Internal spreadsheets also showed Disney+, the company’s streaming entertainment app, generated more than $2.4 billion in the first quarter of the year.
Passport numbers, visa details, places of birth, physical addresses and current assignments of Disney staff aboard the company’s cruises were also revealed from the Slack channels, the WSJ states.
The WSJ says back in August, Disney told investors in a regulatory filing that it was investigating the leak, but the incident had not had a material impact on operations or financial performance and the company did not expect that it would.
Nullbulge’s access to the data came from the compromised computer of a manager of software development, according to the WSJ.
“Companies are getting breached all the time, especially data theft from the cloud and software-as-a-service platforms,” Roei Sherman, field CTO at Mitiga Security, told Wired tech magazine.
Read the full article here