Get all your news in one place.
100’s of premium titles.
One app.
Start reading
The Guardian - UK
The Guardian - UK
Technology
Alex Hern UK technology editor

Hackers claim Disney data theft in protest against AI-generated artwork

the entrance to Walt Disney Studios and corporate headquarters in Burbank, California: a wide driveway is seen under an arch with lettering reading The Walt Disney Co and a symbol in the shape of Mickey Mouse's head and ears. A car is coming under the arch, which has trees to either side and in an avenue leading to buildings; it looks hot and sunny with a clear blue sky above.
‘Yes, that Disney,’ a spokesperson for the hackers wrote as the group published the stolen dataset. Photograph: AaronP/Bauer-Griffin/GC Images

Hacktivists claim to have stolen more than a terabyte of data from Disney’s internal chat platform and are leaking the information online in a protest against what they say is the company’s anti-artist stance.

The group, which calls itself NullBulge, has been active since at least May. It claims to be motivated by a desire to “protect artists’ rights and ensure fair compensation for their work”. On Friday, it published the entirety of Disney’s internal Slack channel online through the decentralised BitTorrent filesharing platform.

Unlike many corporate hackers, NullBulge seems not to be interested in financial rewards. The group did not publicly request a ransom from Disney, and posted the first selection of files from its stolen dataset almost immediately.

“Here is one I never thought I would get this quickly,” the group’s anonymous spokesperson said alongside the initial release. “Disney. Yes, that Disney. The attack has only just started, but we have some good shit.”

Others question the group’s motivations, however. Ilia Kolochenko, the chief executive of the cybersecurity firm ImmuniWeb, said the claims could simply be “a well thought-out smokescreen to mask the true identities and real motives of the hackers”.

“Hacktivists are highly unlikely to run operations of such scale to protect intellectual property and the rights of artists,” Kolochenko added.

Nonetheless, NullBulge’s methods have previously been in tune with its stated ideology. In June, a popular plugin for the AI image generator Stable Diffusion was found to have been compromised by the group. That tool, which provided an easy to use interface for the image generator, was updated to include malware from the hackers, which they used to steal further login credentials and extend their footprint in turn.

The group says it breached the Disney network through a developer who installed another tool it had compromised, a video game mod.

Its website features something close to a mission statement. “You Hacked Me Why?”, it asks. “We are sorry we had to do that to you, but we only do it if you have committed one of our sins.

“Crypto Promotion: We do not condone any form of promoting crypto currencies or crypto related products/services. AI artwork: We believe AI-generated artwork harms the creative industry and should be discouraged. Any form of Theft: Any theft from Patreons, other supportive artist platforms, or artists in general.”

Even the name of the group is evocative: NullBulge’s mascot is an anthropomorphic – “furry” – lion, covered in blue slime, with a noticeable bulge in its crotch.

In a statement to the Wall Street Journal, NullBulge added that it released the data immediately because it felt it would be “ineffective” to make demands of Disney: “If we said ‘Hello Disney, we have all your slack data’ they would instantly lock down and try to take us out. In a duel, you better fire first.”

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.