Disney Probing Cyber Assault by Anti-AI Group Who Says It Took ‘Anything We Could Get Our Hands On’
July 16 2024, Published 3:23 p.m. ET
Disney has launched a probe into a cyber attack by an anti-AI group that compromised a massive amount of internal information from thousands of the company's Slack channels, RadarOnline.com can confirm.
A Disney spokesperson acknowledged the hack this week, telling reporters only that the company was "investigating this matter.”
A hacktivist group known as NullBulge took credit for the attack, writing in an X post on July 11: "Disney has had their entire dev slack dumped. 1.1TiB of files and chat messages. Anything we could get our hands on, we downloaded and packaged up. Want to see what goes on behind the doors? Go grab it."
The group claimed to have obtained "every message and file possible" from "almost 10,000 channels," gaining access to "unreleased projects, raw images and code, some logins, links to internal api/web pages, and more! Have fun sifting through it, there is a lot there."
A spokesperson for the group told The Wall Street Journal, who first reported the hack, that it targeted Disney “due to how it handles artist contracts, its approach to AI, and it’s [sic] pretty blatant disregard for the consumer."
The outlet viewed some of the leaked files and reported that they featured “conversations about maintaining Disney’s corporate website, software development, assessments of candidates for employment, programs for emerging leaders within ESPN and photos of employees’ dogs, with data stretching back to at least 2019.”
NullBulge described itself on its website as: "A hacktivist group protecting artists' rights and ensuring fair compensation for their work."
They wrote: "Our mission is to enact ways to ensure that theft from artists is reduced and to promote a fair and sustainable ecosystem for creators. Our hacks are not those of malice, but those to punish those caught stealing. Big and small theft, meet the same fate. Be way where you get content from, because we will work tirelessly to develop and implement solutions that protect the rights and livelihoods of artists in the digital age."
A section titled "You hacked me?! Why?" explained: "We are sorry we had to do that to you, but we only do it if you have committed one of our sins."
Under "A.I. artwork," the hackers wrote: "We believe AI-generated artwork harms the creative industry and should be discouraged."
The group also also said in regards to the Disney hack that it "tried to hold off until we got deeper in, but our inside man got cold feet and kicked us out!"
They even called out an apparent Disney employee: "I thought we had something special Matthew J Van Andel! Consider the dropping of literally every bit of personal info you have, from logins to credit cards to SSN, as a warning for people in the future."
A LinkedIn account reportedly belonging to Andel says he's been a manager of software development for The Walt Disney Company since January 2016. It was unclear how or if he was actually linked to the NullBulge data breach.
His "about" section reads: "All software ultimately exists for the benefit of people; with this in mind, every project I take on - no matter how big or small - is carefully planned, managed, crafted, and tested to offer simple, powerful experiences; but those experiences cannot merely benefit my own customers, they must also benefit THEIR customers and any developers that may come after me."
It continues: "Software is for humans, inside and out, even if it doesn't always seem that way.I see technology is an exciting, shifting, ever-evolving sea of opportunity. Discovering new and inventive ways to merge technology with vision, to create new and inspiring things, is my greatest passion."
Andel also called himself "an active contributor to dozens of open source projects."