Disney’s Slack under attack: Hacktivists expose chat data on artist rights


A hacktivist group, NullBulge, claims to have stolen more than a terabyte of data from Disney’s internal chat platform, leaking it online in a dramatic protest against what they allege is the company’s anti-artist stance.

 


NullBulge, active since at least May, says its mission is to “protect artists’ rights and ensure fair compensation for their work.” On Friday, the group released Disney’s internal Slack channel on the decentralised BitTorrent file-sharing platform, marking the start of their protest.

 


Unlike typical corporate hackers, NullBulge appears uninterested in financial gain. The group did not demand a ransom from Disney, opting instead to release the first batch of stolen files immediately.

 


“Here is one I never thought I would get this quickly,” said the group’s anonymous spokesperson with the initial release. “Disney. Yes, that Disney. The attack has only just started, but we have some good stuff.”

 


Sceptics, however, question the group’s true motives. Ilia Kolochenko, chief executive of the cybersecurity firm ImmuniWeb, suggested the hacktivist claims could be a “well thought-out smokescreen to mask the true identities and real motives of the hackers.”


“Hacktivists are highly unlikely to run operations of such scale to protect intellectual property and the rights of artists,” Kolochenko said.


Despite these doubts, NullBulge’s actions have previously aligned with its stated ideology. In June, the group compromised a popular plugin for the artificial intelligence image generator Stable Diffusion, using malware to steal login credentials and extend their reach.


The group claims it accessed Disney’s network via a developer who installed another compromised tool, a video game mod.


NullBulge’s website features a mission statement that outlines their principles: “You Hacked Me Why?”, it asks. “We are sorry we had to do that to you, but we only do it if you have committed one of our sins.”


“Crypto Promotion: We do not condone any form of promoting cryptocurrencies or related products/services. AI artwork: We believe AI-generated artwork harms the creative industry and should be discouraged. Any form of Theft: Any theft from Patreons, other supportive artist platforms, or artists in general.”


Even the group’s name and mascot are distinctive: NullBulge is represented by an anthropomorphic lion, covered in blue slime, with a noticeable bulge in its crotch.


In a statement to The Wall Street Journal, NullBulge explained their immediate release of the data, “If we said ‘Hello Disney, we have all your Slack data’ they would instantly lock down and try to take us out. In a duel, you better fire first.”

First Published: Jul 18 2024 | 12:16 PM IST