Disney Data Breach Hacker Pleads Guilty After 1.1 TB Slack Leak
LOS ANGELES — A 25-year-old California man has admitted in federal court that he hacked a Walt Disney Company employee, raided nearly 10,000 private Slack channels, and then leaked 1.1 terabytes of corporate data under the fake banner of a Russian “hacktivist” group.
Malware Masquerading as AI Art
Prosecutors say Ryan Mitchell Kramer of Santa Clarita posed as a helpful coder in early 2024, uploading what looked like an AI-art generator to sites such as GitHub and Reddit. The program was booby-trapped with remote-access malware that granted Kramer full control of the computer of anyone who installed it.
One unsuspecting downloader was a Disney web engineer who used the same computer for work and personal projects. Once inside, Kramer pilfered credentials that opened the door to Disney’s internal Slack workspace—roughly 9,800 channels covering everything from unreleased ESPN initiatives to dog-photo threads.
Extortion Play as “NullBulge”
Between April and May 2024 Kramer quietly scraped Slack and cloud archives until he had more than a terabyte of files and messages. In July he resurfaced, emailing the employee while impersonating a bogus Russian collective called “NullBulge.” He threatened to publish the cache unless he received an unspecified ransom, then dumped the trove three days later when the worker refused to negotiate.
The leaked bundle—44 million messages by some estimates—revealed product road maps, source-code snippets, HR discussions, and personal data, including the victim’s bank and medical records. Disney confirmed the breach after it hit news wires and called in the FBI’s cyber squad for forensics.
Charges and Potential Sentence
Kramer pleaded guilty this week to one count of unauthorized computer access and one count of threatening to damage a protected computer. Each felony carries a maximum of five years in prison, leaving him exposed to up to 10 years at sentencing, plus restitution and supervised release. He also admitted compromising at least two other victims who downloaded his malware.
A sentencing date will be set after a pre-sentence report; prosecutors hinted they will seek enhanced penalties because the crime involved “sophisticated means” and “substantial financial harm.”
Disney and FBI Reactions
In a statement, Disney said it is “pleased this individual is being brought to justice” and vowed to keep cooperating with law enforcement. The company has since rolled out stricter endpoint monitoring and is reportedly phasing out Slack for an in-house collaboration platform by early 2026. The FBI called the plea “a reminder that distributing even a ‘harmless’ utility can mask real-world criminal intent.”
Lessons for Devs and Enterprises
- Verify downloads: open-source packages should be vetted, hashed, and sandbox-tested before they touch corporate hardware.
- Segment work and personal devices: dual-use machines give attackers double the attack surface.
- Monitor SaaS tokens: Slack, Teams, and similar apps store long-lived tokens that can be exfiltrated and replayed.
- Have an insider-threat plan: user-behaviour analytics and zero-trust designs limit how far a breached account can roam.
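For the "Monitor SaaS tokens" lesson, the sketch below is an example added here, not code from Disney, Slack, or the case record. It flags a session token that turns up on a client other than the one it was first seen on, or that reads an unusual number of distinct channels. The event schema, the sample records, and the `max_channels` threshold are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample events in a hypothetical schema (not a real Slack export):
# (session_id, user, source_ip, user_agent, channel_read)
EVENTS = [
    ("s1", "alice", "10.0.0.5", "SlackDesktop/4.38", "C001"),
    ("s1", "alice", "10.0.0.5", "SlackDesktop/4.38", "C002"),
    ("s2", "bob", "10.0.0.9", "SlackDesktop/4.38", "C001"),
    ("s2", "bob", "203.0.113.7", "python-requests/2.31", "C010"),
    ("s2", "bob", "203.0.113.7", "python-requests/2.31", "C011"),
    ("s2", "bob", "203.0.113.7", "python-requests/2.31", "C012"),
    ("s2", "bob", "203.0.113.7", "python-requests/2.31", "C013"),
]


def find_suspect_sessions(events, max_channels=4):
    """Return {session_id: [reasons]} for sessions that look replayed or scraped."""
    first_seen = {}                   # session -> (ip, user_agent) at first use
    fingerprints = defaultdict(set)   # session -> every (ip, user_agent) observed
    channels = defaultdict(set)       # session -> distinct channels read
    for session, _user, ip, agent, channel in events:
        first_seen.setdefault(session, (ip, agent))
        fingerprints[session].add((ip, agent))
        channels[session].add(channel)

    findings = defaultdict(list)
    for session, seen in fingerprints.items():
        # A token that appears on a second client fingerprint may have been copied.
        extra = sorted(seen - {first_seen[session]})
        if extra:
            findings[session].append(f"token reused from new client: {extra}")
        # Breadth of reading, not just volume, is what bulk scraping looks like.
        if len(channels[session]) > max_channels:
            findings[session].append(
                f"read {len(channels[session])} distinct channels (limit {max_channels})")
    return dict(findings)


if __name__ == "__main__":
    for session, reasons in find_suspect_sessions(EVENTS).items():
        print(session, reasons)
```

In practice the threshold would come from each user's own baseline rather than a fixed number.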
With a guilty plea secured, investigators are now hunting for anyone who helped Kramer monetise or further disseminate Disney’s stolen IP. For Hollywood studios—and any firm sitting on valuable creative assets—the case underscores how a single poisoned download can snowball into the leak of an empire’s secrets.