(Credit: Aaron P/Bauer-Griffin/Contributor via Getty Images)
Some internal correspondence between Disney employees has been published online after a data leak, which reportedly affected some of the company's Slack channels. Disney is now investigating the situation, The Wall Street Journal reports.
The leak reportedly includes about 1.1TB of data, including personal information on current and prospective Disney employees, login credentials, employee photos, and conversations about Disney's corporate website, software development, and other topics, according to files reviewed by the WSJ and Cyber Press.
News of a possible Disney data breach first circulated online over the weekend after a self-described hacktivist group known as "Nullbulge" claimed to have obtained and leaked the data online. On their website, the attacker implied the breach may have come from a single Disney software engineer's computer.
In a statement to the WSJ, the attacker said they infiltrated the engineer's computer twice after the engineer reportedly downloaded an infected video game add-on to their computer. PCMag has reached out to the Disney employee for comment.
The engineer may have unknowingly encountered or installed a type of malware that resulted in the breach and subsequent leak. Cyber Press and malware tracking group VX Underground have suggested the incident might be due to infostealer malware. This type of Trojan malware secretly gathers data about a victim and swipes credentials that can then be used to unlock other accounts or data.
PCMag has reached out to Disney for comment.