Researchers from Cyber Press found 1.1 terabytes of leaked data from Disney’s internal Slack on infamous data leak forums.
The data was leaked by an infamous hacking group known as “NullBulge,” which published the data stolen from the Disney database.
The leak contains a complete data dump of 10,000 channels, including every message and file possible. The material comprises unreleased projects, raw photographs, and source code, giving a rare look at development and creative procedures.
The leak also contains logins, links to internal APIs, and web pages, revealing the organization’s complex internal operations. This dataset provides a rare opportunity to analyze and understand the organization’s unfiltered information and resource flow.
To release this massive Twitter database exclusively, the user named “NullBulge” created a new account on the data leak forum on July , 2024.
“NullBulge” is also believed to spread malware/ransomware through false leaked BeamNG mods, random AI items such as ComfyUI nodes, and who knows what else.
NullBulge claims that “Our mission is to enact ways to ensure that theft from artists is reduced and to promote a fair and sustainable ecosystem for creators. Our hacks are not those of malice, but those to punish those caught stealing. Big and small theft, meet the same fate. Be wary where you get content from, because we will work tirelessly to develop and implement solutions that protect the rights and livelihoods of artists in the digital age.”
Cyber Press researchers found an Excel sheet that contains the admin username and password in plain text for several platforms, including AmericanExpress.com, T-Mobile, Mailchimp, OpenAI, Namecheap, and more.
Beyond Disney, the group claims to have compromised other platforms, such as howwelove.com, frenn.org, goldenstatefoods.com, fcci-site.com, and more.
“While we figure out some last little things around the Disney leak, here is a small one: howwelove.com, goldenstatefoods.com, frenn.org, fcci-site.com, and more! All WordPress, all had their SQL DBs dumped. Thanks Contexture. howwelove has over 31,000 accounts in its DB. Enjoy :)”
Based on the information disclosed by the threat actor, we suspect this incident represents yet another victim of Infostealer malware. Infostealer malware is designed to covertly infiltrate systems, extract sensitive information, and exfiltrate it to the attacker.
The data dump from the 10,000 channels, including messages, files, unreleased projects, raw images, source code, logins, and links to internal APIs and web pages, indicates a broad and deep compromise typical of Infostealer activities.
Such malware often operates silently, capturing and transmitting data without the victim’s immediate awareness, which aligns with the breadth and sensitivity of the data disclosed. The extensive nature of the compromised data suggests that the malware had persistent access, systematically harvesting and transmitting information over a period of time.
This breach underscores the critical need for robust cybersecurity measures, including regular monitoring, the use of advanced threat detection systems, and comprehensive response strategies to mitigate the impact of such attacks.