In a significant data breach, hacktivist group NullBulge has infiltrated Disney’s internal Slack infrastructure, leaking 1.2TB of sensitive data. This breach, posted on the cybercrime platform Breach Forums on July 12, 2024, exposes many of Disney’s internal communications, compromising messages, files, code, and other proprietary information.
Why would Disney demand that?
Why would they choose slack if they want to host, maintain and be responsible for the internal chat themselves?
They choose slack because they do it for them so that they don’t have to do it themselves. That is the selling point for them.
Businesses buy cloud services, because they do not want to manage stuff themselves.
They can still have support contracts and SLA etc from slack.
It’s just that the servers slack runs on are on-prem and completely controlled by the business buying into the self hosted licence.
The benefits should be tighter security (say, can only be accessed via VPN), and for many many MAU probably lower costs. Chances are, Disney already has datacenter ops and hardware contracts.
And why choose slack? For quite a while, it was extremely common for developers (maybe even industry standard?). It had loads of features in the small market of internal chat programs. And it’s easy to build extensions and integrations for.
I’m not saying that Disney is running on-prem slack, but I wouldn’t be surprised if they were
Ostensibly better opsec