A self-described hacktivist group is claiming today to have hacked Walt Disney Co.’s Slack account and released more than 1.1 terabytes of stolen data from the account.

The group calls itself NullBulge and claims to be a hacktivist group that protects artist’s rights to ensure fair compensation for their work. According to its website, the group stands against cryptocurrency and crypto-related products, artificial intelligence-generated artwork and any form of theft from artists in general.

According to a blog post on the group’s site, the data stolen from Disney’s Slack account includes 1.1 terabytes of data across almost 10,000 channels, with every message and file possibly dumped. The data is said to include unreleased projects, raw images and code, some logins, links to internal application programming interfaces and web pages, and more.

“We tried to hold off until we got deeper in, but our inside man got cold feet and kicked us out!” the blog post reads before the group adds, “I thought we had something special Matthew J Van Andel.” According to his LinkedIn profile, Andel is a manager of software development at Disney, but it’s not clear whether the implication from NullBulge is whether Andel gave them access and then cut them off or was the one to discover the illicit access and cut it off.

Though the entirety of what has been dumped has not been confirmed as being legitimate, the Wall Street Journal noted that the material they have viewed appears to be real. The material is said to have included conversations about maintaining Disney’s corporate website, software development, assessments of candidates for employment, programs for emerging leaders within ESPN and photos of employees’ dogs, with data stretching back to at least 2019.

Disney has yet to comment on the claimed data theft and dump.

Not much is known about NullBulge, except that the group was briefly covered by 404 Media in June when it attempted to hack people trying to use the AI image generation software Stable Diffusion through a malicious extension for the service on GitHub.

Dubious GitHub scripts to taking on Disney is a big leap and while NullBulge says it’s a hacktivist group, some reports suggest that it may be linked to the infamous LockBit ransomware operation due to its apparent use of a LockBit builder.

“I know many of Disney’s security team members and they care and the company extremely cares about cybersecurity,” Roger Grimes, data-driven defense evangelist at security awareness training company KnowBe4 Inc., told SiliconANGLE. “There are many tens of millions spent a year to protect Mickey’s and Disney’s creative content. Not sure how this happened, but you can be assured this will be addressed at the highest levels and fixed. But it’s also a cautionary lesson that even companies with the best cybersecurity can have security incidents, even with great employees and great company support.”

Image: SiliconANGLE/Ideogram