Hackers have targeted Disney, leaking internal Slack workspace data online.
The information includes discussions on ad campaigns, studio technology, and interview candidates.
An anonymous hacking group known as Nullbulge has claimed responsibility for the breach.
In a blog post, the group wrote it had published data from thousands of Slack channels within the entertainment company.
It includes computer code and details about unreleased projects.
The Wall Street Journal first reported the news.
Slack is a popular tool used by large companies for group communications on strategic initiatives.
Nullbulge’s claims about the extent of the documents taken and how it got them have not been independently verified.
The Journal saw conversations about maintaining Disney’s corporate website, software development, assessments of job candidates, programs for emerging leaders within ESPN, and even photos of employees’ dogs.
The data stretches back to at least 2019.
A spokesman said: “Disney is investigating this matter.”
Disney’s vast business empire spans movies, streaming services (Disney+ and Hulu), theme parks, cable TV, and sports network ESPN.
It also includes major franchises like Marvel and Star Wars.
In recent weeks, Nullbulge has posted screenshots of documents online it claims were obtained from Disney’s Slack channels.
These include excerpts of project descriptions and plans and visits, as well as booking and revenue data from Disneyland Paris.
Nullbulge describes itself as a hacktivist group advocating for artist rights and selecting targets based on social, economic, or political values.
Need Career Advice? Get employment skills advice at all levels of your career
A spokesperson for the hackers said online Disney was targeted “due to how it handles artist contracts, its approach to AI, and its blatant disregard for the consumer.”
These comments highlight growing ideological rifts in the entertainment industry as advancements in artificial intelligence progress.
Some artists and activists are concerned creative work has been scraped from the internet without compensation by large tech companies using it to power new chatbots and other tools.
Several tech companies argue scraping the public internet is fair use of posted work.
“If we said ‘Hello Disney, we have all your Slack data,’ they would instantly lock down and try to take us out. In a duel, you better fire first.”
Nullbulge chose to release the data rather than making demands of Disney, believing the company would have immediately moved to shut them down.
The group said: “If we said ‘Hello Disney, we have all your Slack data,’ they would instantly lock down and try to take us out. In a duel, you better fire first.”
Eric Parker, a security researcher monitoring Nullbulge’s activities, believes the group is a single person seeking attention rather than money.
The hacking group has previously distributed malicious software through free add-ons for video games and AI-powered image-generation software, a tactic known as a Trojan horse.
Nullbulge said it accessed the information through a compromised Disney software development manager’s computer.
The group utilized a video game add-on and an undisclosed method.
The extent of the group’s access to Disney’s Slack system remains unclear.
Public disclosure of internal company messages, code, and documents can severely disrupt companies and undermine their commercial goals.
In 2014, hackers linked to North Korea caused Sony Pictures to be in disarray, damaging internal systems and releasing embarrassing email exchanges.
Months after the incident, Sony’s co-chairman Amy Pascal resigned.
