Cyber Threat Radar – The Walt Disney Company has decided to discontinue the use of Slack for internal communications, following a security breach that resulted in over a terabyte of company data being exposed to the public.
The organization had initiated a shift towards new internal “streamlined enterprise-wide collaboration tools.” However, it recently formally informed employees and cast members that the majority of its business units would discontinue the use of Slack by the conclusion of Disney’s upcoming fiscal quarter, as stated in a memo from Disney Chief Financial Officer Hugh Johnston, which was acquired by CNBC.
Financial Details Compromised
Disney informed investors in August that the summer data breach, which compromised various financial details, computer codes, and information about upcoming projects, was not anticipated to significantly affect the company’s operations or financial results.
NullBulge, the hacktivist group that took credit for the breach, stated that the information originates from almost 10,000 channels within Disney’s internal Slack archive.
NullBulge asserted that it gained access to Disney’s data through an insider, whom it subsequently identified. While this claim has not been verified, NullBulge also shared extensive details about the purported insider, including their medical records, personally identifiable information, and the alleged Disney employee’s 1Password password manager credentials.
“Our Security Is Rock-Solid”
“Our security is rock-solid,” Marc Benioff, CEO of Salesforce, Slack’s parent company, told Bloomberg at the company’s annual Dreamforce conference recently. “Companies also have to take the right measure to prevent phishing attacks and to lockdown their employees’ social engineering. So, we can do our part, but our customers also have to do their part.”
Benioff highlighted that The Walt Disney Company remains engaged with Salesforce products across various facets of its operations, such as its call centers, Disney Stores, and Disney Guides.
Proven Protection Against Data Breaches
“In light of this data breach, SentryBay stands ready to help organizations with their cyber defense postures,” commented Liam Davenport, Cybersecurity Enterprise Solutions Director, SentryBay. “Our Armored Client solution is the OEM at the heart of Citrix App Protection, and is now proven protection against infostealer malware for Microsoft AVD and W365 endpoints. The patented solution utilises endpoint access isolation in a manner which does not impact on performance and includes Keylogging and Screen Capture protection.”
