Disney Moves Away from Slack Following Massive July Data Breach

• The Walt Disney Company decided to replace Slack with another solution for its internal communications.
• Hackers compromised Disney's internal Slack platform and exfiltrated over 1 terabyte of data this summer.
• The company did not disclose the new messaging service it plans to migrate to.

The Walt Disney Company took decisive action following a significant data breach in July, where over 1 terabyte of sensitive information was compromised. Reports suggest that Disney is replacing Slack with new enterprise collaboration tools to enhance its cybersecurity posture.

In July, the NullBulge activist hacker group claimed to have infiltrated Disney's internal Slack platform, exfiltrating an estimated 1.1TB of data. This extensive data set reportedly included messages and files from approximately 10,000 internal Slack channels.

The breach's fallout was further compounded when some of this information appeared on a hacking forum, raising concerns about the potential exploitation of exposed data. The leaked information included details on advertising campaigns, unreleased projects, software development, studio technology, logins, APIs, and interview candidates.

In response to the breach, Disney initiated a transition towards what it describes as “streamlined enterprise-wide collaboration tools.” According to an internal email circulated to employees, the company aims to complete this migration by the end of the next fiscal quarter.

However, Disney has not yet detailed whether these new tools will include an established platform like Microsoft Teams or a proprietary solution developed in-house.

Similar breaches have occurred in recent years, such as the Lapsus$ group's infiltration of Uber's Slack server in 2022 and a compromise of Activision's Slack server in August 2023.

NullBulge markets itself as a hacktivist group, but some believe it may be connected to the LockBit ransomware operation due to its apparent use of a LockBit builder. The hints about the Disney leak started in June, when the hackers posted on X what appeared to be Disneyland Paris visitor, booking, and revenue details.