Disney ditching Slack after massive July data breach
The Walt Disney Company is reportedly ditching Slack after a July data breach exposed over 1TB of confidential messages and files posted to the company's internal communication channels.
According to CNBC, Disney has already begun migrating to new "streamlined enterprise-wide collaboration tools" and emailed employees this week to say that they will finish the migration at the end of the company's next fiscal quarter.
This move comes after the company suffered a massive data breach in July when a threat actor named 'NullBulge' breached Disney's Slack platform and stole 1.1TB of data.
The threat actor claimed to steal all messages and files from almost 10,000 Slack channels containing upcoming project details, financial information, information technology information, and other confidential information.
Disney suffered another data breach a month earlier when 2.5GB of Club Penguin and corporate data was leaked from the company’s Confluence server on the 4chan message board.
It's unclear how employees will communicate after moving away from Slack and whether Disney will be transitioning to another enterprise platform, like Microsoft Teams, or their own internal software.
Communication platforms, like Slack, can be a tempting target for threat actors to steal confidential files that can be used to taunt their victims.
In 2022, the Lapsus$ hacking group breached Uber's Slack server using an employee's stolen credentials, where they taunted employees about how they were breached.
In August 2023, threat actors breached Activision's Slack server, stealing employee data and information about upcoming games.
source: BleepingComputer
Free security scan for your website
Top News:
Attackers are exploiting 2 zero-days in Palo Alto Networks firewalls (CVE-2024-0012, CVE-2024-9474)
November 18, 2024CWE top 25 most dangerous software weaknesses
November 21, 2024Chinese APT Gelsemium Targets Linux Systems with New WolfsBane Backdoor
November 21, 2024APT-K-47 Uses Hajj-Themed Lures to Deliver Advanced Asyncshell Malware
November 23, 2024Microsoft rolls out Recall to Windows Insiders with Copilot+ PCs
November 23, 2024Download: CIS Critical Security Controls v8.1
August 8, 2024