Data stolen from Disney’s private Slack channels, which are used for internal company-wide communication, has been seized and leaked online. The hackers have identified themselves as the anonymous group Nullbulge, which claims to be motivated by protecting artists from the threat of A.I.-generated content.
Since the arrival of A.I. tools like OpenAI’s DALL-E and Sora, which can be used to generate images or video from a simple text prompt, artists have raised concerns over how copyrighted work is being used to train these tools without prior consent or compensation. Many also fear these tools eventually replacing them. Some artists have attempted to reassert their rights through the courts but today’s copyright laws were not written with A.I. in mind, so many others have resorted on more vigilante methods. Other artists have accepted the inevitability of A.I. and hope to adapt by establishing new models for licensing their creative output.
Nullbulge describes itself as “a hactivist group protecting artists’ rights and ensuring fair compensation for their work,” according to its website. It claims that its “hacks are not those of malice, but those to punish those caught stealing.” Last month, it compromised one interface for the popular A.I. image generator Stable Diffusion, using malware to steal logins.
The group did not respond to a request for comment, but told The Wall Street Journal, which first published news of the hack, that it targeted Disney “due to how it handles artist contracts, its approach to A.I., and its pretty blatant disregard for the consumer.”
According to a blog post by Nullbulge, the group seized 1.1 terabytes of data from Disney’s Slack, or every message and file shared on nearly 10,000 Slack channels, which includes images, code, logins, links to internal webpages, info on visitor numbers and revenue for Disneyland Paris, and documents about unreleased projects. The group said that it did not attempt to bargain with the entertainment giant before leaking the entirely of its findings on BitTorrent, a decentralized platform for file sharing, last Friday.
Examples of internal conversations that included assessments of potential job candidates and software development plans, dating as far back as 2019, were viewed by the WSJ. However, the publication was not able to confirm the scope of data the group claims to have stolen or how it managed to do so.
According to Nullbulge, the group twice compromised the computer of a software development manager at Disney, who is named on the group’s blog. They were able to gain access after he downloaded a tool that it had corrupted with malware.
“The user was aware we had them,” the group told Variety via email. “He tried to kick us out once but let us walk right back in before the second time.”
Disney has been contacted for comment on the hack but did not respond by publication time. It told the WSJ that it is investigating the incident.