A new-coming “hacktivist” group claims to have worked with a Disney insider to leak more than 1 terabyte of data from the entertainment giant — including code, login details, unreleased projects and more.

Going by the name NullBulge, the group first teased the alleged data on 12 July, posting a countdown timer alongside the hashtag #Disney on social media platform X.

Later that afternoon, the group announced it had stolen and “dumped” 1.1 tebibytes (around 1.2 terabytes) of data from almost 10,000 Disney communication channels on business messaging platform Slack.

The group claimed to have hit “every message and file possible”.

“Have fun sifting through it, there is a lot there,” wrote NullBulge.

The group shared a download link for the data, and though Information Age has not tested it first-hand, many users on X and Reddit claim to have viewed the contents.

“Looking through it now, most of it seems to be from 2020-2021,” said one Reddit user.

“I've found a ton of personal pics shared between co-workers, I feel gross, I'm out.”

The Wall Street Journal reported it had viewed material regarding website maintenance, software development, assessments of candidates for employments, programs for emerging leaders, and “photos of employees’ dogs” stretching back to at least 2019.

Disney has confirmed it is “investigating this matter”.

Eurogamer also noted that since the attack, details regarding a collaboration with gaming giant Epic Games as well as a long-anticipated Aliens video game have started to pop up on social media.

NullBulge has meanwhile claimed the attack was enabled with the assistance of an insider working at Disney.

“We tried to hold off until we got deeper in, but our inside man got cold feet and kicked us out!” wrote NullBulge.

The “inside man” referenced here is allegedly Matthew J Van Andel – a person who SiliconAngle and numerous other publications report may have worked at Disney in a software role.

The LinkedIn profile for Andel appears to have been deactivated earlier this week.


NullBulge claimed the attack on Disney was enabled by an insider working at the company. Photo: Shutterstock

Hacker vigilantes target AI art

According to threat intelligence outfit Sentinel Labs, NullBulge first emerged between April and June this year.

The group — which targets AI and gaming-focused entities — runs its attacks by leveraging code on the public repositories of development platforms such as GitHub, effectively baiting victims to incorporate malicious libraries into their development environments.

As a result, victims may find themselves subject to data leaks or hit by popular ransomware Lockbit (which more gangs are adopting thanks to a recently leaked Lockbit ransom builder).

NullBulge previously flaunted an attack on AI-art software ComfyUI, linking to a page of allegedly stolen username and passwords from various different platforms, including Instagram and Adobe.

“After many months someone finally had the 2 brain cells to look at the s**t they run. AI-Bros are so predictable,” wrote NullBulge.

The hacking group sports a distinctly Robin Hood-esque aesthetic, with its profile on X reading “the group of few to protect many”.

Furthermore, NullBulge takes a firm stance against “art theft” and advocates for “fair compensation models”, with its website stating “AI-generated artwork harms the creative industry and should be discouraged”.

While the group hasn’t directly addressed its motivations for its alleged Disney attack, the company has adopted AI in recent works and was one of the companies rallied against during last year’s Hollywood writers’ protest against AI replacement.

As for the meaning of the group’s name, NullBulge’s website flaunts a seemingly AI-generated image of a neutered Simba from Disney’s The Lion King.