top of page

Hactivist Group Makes Disney Grumpy After Breaching Its Castle Walls

Published: July 28, 2024 on our newsletter Security Fraud News & Alerts Newsletter.



It’s not the happiest place on Earth right now. In fact, there likely are some very Grumpy executives after a hacking group called Nullbulge claimed to have broken into the Disney corporate network and retrieved a kingdom’s worth of data. They also claimed to have released the first batch of that information, which they think is quite incriminating. That certainly puts this so-called hactivist group squarely in the Disney villain camp.


It’s OK to wish upon a star when it comes to cybersecurity, but there are also some real-world things that can be done. From an organizational perspective, there are ways to mitigate such evil plans by cyber attackers.


  • Train employees and anyone with network access on phishing identification. It only takes one click from one person to open the castle gates to an attacker.

  • Put a moat of cybersecurity tools in place, such as firewalls, antivirus, and spam filters.

  • Have a cyber-attack response plan in place. When a main character departs the scene, update the script to keep it current.

  • Require MFA for logins and consider forcing password resets on a regular schedule.


As a side note, there’s no magic to using Disney princess names as passwords. When Disney+ was breached in 2019, the names of 12 Disney princesses showed up as passwords more than 300,000 times on haveibeenpwned.


Spokespeople have said that Disney is investigating, but Nullbulge claims the data includes internal communications, images, studio information, login credentials, and a treasure trove more, amounting to about one terabyte of info. The group also stated that it got access through a developer, who had used a video game mod tool the group had installed.


Want to schedule a conversation? Please email us at advisor@nadicent.com

Comments


bottom of page