Disney is set to abandon Slack following a significant data breach that occurred in July, which exposed over 1TB of confidential messages and files from the company’s internal communication channels.
Internal emails shared reveal that Disney has commenced the transition to new “streamlined enterprise-wide collaboration tools,” with plans to complete the migration by the end of the upcoming fiscal quarter.
This begs the question: is Slack safe to use? Here’s our take.
The Disney data breach
Before we assess the safety of Slack, it’s essential to examine the specifics of the recent breach.
The cybercrime group known as NullBulge executed an attack earlier this year, managing to steal 1.1 TiB of data from 10,000 internal Disney Slack channels. The stolen information, as outlined by the attackers on the dark web, included unreleased projects, raw images, source code, login credentials, links to internal web pages, and other sensitive materials.
Crucially, NullBulge did not breach Disney’s Slack channels directly; instead, they received assistance from a malicious insider who facilitated access to the company’s internal communications.
Evidence of this insider’s identity was revealed when NullBulge leaked personally identifiable information, including medical records, their name, and a screenshot of their 1Password dashboard.
According to the hacking group, the exposure of the insider was a form of retribution for their failure to maintain communication and share more information with the attackers.
Why is Disney quitting Slack?
Following the data breach, Disney seems to be placing the blame squarely on Slack for the incident.
“I would like to share that senior leadership has made the decision to transition away from Slack across the company,” Hugh Johnston, Disney’s chief financial officer, stated in an email to staff. “Our technology teams are now managing the transition off Slack by the end of Q1 FY25 for most businesses.”
Disney has already begun shifting to alternative collaboration tools, according to the memo. While the complete transition off Slack is slated for the end of Q1 2025, some “more complex use cases” may not be finalized until the subsequent quarter.
This decision is notable—particularly given that there was no inherent vulnerability within Slack that led to the breach. The real issue was a malicious insider who deliberately sought to harm Disney’s reputation. While Slack served as the platform in this case, a similar breach could just as easily have occurred on Google Workspace, Microsoft Teams, or GitHub without the right security measures in place.
Slack isn’t the problem
When it comes to data breaches, the real culprit often isn’t the technology—it’s the human factor. Every employee in an organization can pose a risk, highlighting the need for strong controls to detect unusual or suspicious behaviors within collaboration tools like Slack.
In fact, if Disney had deployed a SaaS data loss prevention (DLP) solution for Slack, they would have sidestepped this breach entirely.
Tools like Polymer DLP, for example, bring robust insider threat protection to Slack. Through a combination of automated data classification, user behavior analytics and risk monitoring, our solution coaches users on security policies and blocks risky behavior.
When it comes to malicious insiders, Polymer DLP acts as a powerful deterrent: showing users that their data interactions are being monitored, and raising the alarm in the SOC for repeat offenders.
Conclusion
Ultimately, Disney’s issues will likely follow them to any new collaboration platform they choose. The problem isn’t Slack; it’s the lack of adequate protections in place for tools like it. Without a solid human risk management strategy, the risk of data breaches will continue to loom large, no matter the technology used.
Ready to beat insider threats once and for all? Request a free demo now.