The Walt Disney Company is reportedly ditching Slack after a July data breach exposed over 1TB of confidential messages and files posted to the company’s internal communication channels.
According to CNBC, Disney has already begun migrating to new “streamlined enterprise-wide collaboration tools” and emailed employees this week to say that they will finish the migration at the end of the company’s next fiscal quarter.
This move comes after the company suffered a massive data breach in July when a threat actor named ‘NullBulge’ breached Disney’s Slack platform and stole 1.1TB of data.
The threat actor claimed to steal all messages and files from almost 10,000 Slack channels containing upcoming project details, financial information, information technology information, and other confidential information.
Disney suffered another data breach a month earlier when 2.5GB of Club Penguin and corporate data was leaked from the company’s Confluence server on the 4chan message board.
It’s unclear how employees will communicate after moving away from Slack and whether Disney will be transitioning to another enterprise platform, like Microsoft Teams, or their own internal software.
Communication platforms, like Slack, can be a tempting target for threat actors to steal confidential files that can be used to taunt their victims.
In 2022, the Lapsus$ hacking group breached Uber’s Slack server using an employee’s stolen credentials, where they taunted employees about how they were breached.
In August 2023, threat actors breached Activision’s Slack server, stealing employee data and information about upcoming games.
Source: www.bleepingcomputer.com