
Leaked Disney Data Reveals Financial and Strategy Secrets (msn.com) 48

An anonymous reader shares a report: Passport numbers for a group of Disney cruise line workers. Disney+ streaming revenue. Sales of Genie+ theme park passes. The trove of data from Disney that was leaked online by hackers earlier this summer includes a range of financial and strategy information that sheds light on the entertainment giant's operations, according to files viewed by The Wall Street Journal. It also includes personally identifiable information of some staff and customers.

The leaked files include granular details about revenue generated by such products as Disney+ and ESPN+; park pricing offers the company has modeled; and what appear to be login credentials for some of Disney's cloud infrastructure. (The Journal didn't attempt to access any Disney systems.) "We decline to comment on unverified information The Wall Street Journal has purportedly obtained as a result of a bad actor's illegal activity," a Disney spokesman said. Disney told investors in an August regulatory filing that it is investigating the unauthorized release of "over a terabyte of data" from one of its communications systems. It said the incident hadn't had a material impact on its operations or financial performance and doesn't expect that it will.

Data that a hacking entity calling itself Nullbulge released online spans more than 44 million messages from Disney's Slack workplace communications tool, upward of 18,800 spreadsheets and at least 13,000 PDFs, the Journal found. The scope of the material taken appears to be limited to public and private channels within Disney's Slack that one employee had access to. No private messages between executives appear to be included. Slack is only one online forum in which Disney employees communicate at work.

  • Many of us are waiting to hear if there's any information that backs up the allegations of illegal hiring practices (excluding candidates based explicitly on race and/or gender). More evidence of that would be a real story.
    • Many of us are waiting to hear if there's any information that backs up the allegations of illegal hiring practices (excluding candidates based explicitly on race and/or gender). More evidence of that would be a real story.

      White guys have been running Disney for the past several decades [marketwatch.com].

  • by IWantMoreSpamPlease ( 571972 ) on Thursday September 05, 2024 @11:21AM (#64765296) Homepage Journal

    Is how much Disney is *really* losing on all of its TV endeavours. Things like "The Acolyte" set them back near 200 million in production costs, but how much of a loss (or profit...you know, Hollywood accounting) did they actually take?
    Ditto with the other SW-related series. Are the studio heads looking at real changes, or, despite fan backlash, have decided since money is made, it's steady as she goes?

    • by battingly ( 5065477 ) on Thursday September 05, 2024 @11:56AM (#64765440)

      Is how much Disney is *really* losing on all of its TV endeavours. Things like "The Acolyte" set them back near 200 million in production costs, but how much of a loss (or profit...you know, Hollywood accounting) did they actually take? Ditto with the other SW-related series. Are the studio heads looking at real changes, or, despite fan backlash, have decided since money is made, it's steady as she goes?

      Is it even possible to assign a profit/loss number to one specific production that appears on a streaming service? It contributes to retention of monthly subscribers, but how do you assign a value to that contribution?

      • by hawk ( 1151 )

        >Is it even possible to assign a profit/loss number to one specific
        >production that appears on a streaming service?

        Sure. Just use Hollywood Accounting.

        No, it doesn't have any relation to accounting, but something that can show that the Sound of Music and Star Wars can spew a number for something with no tickets at all.

        We learned a lot about it when Eddie Murphy testified in Art Buchwald's suit over the claim that they owed him nothing for his gross percentage in Coming to America.

        Stuff like including

    • Birth rates are dropping and Disney depends on youth. They are just in the wrong industry at the wrong time unless they find a way to change their spots, which usually fails for large orgs.

      I'd hate to be in the shoes of the CEO.

      • Gotta wonder if the Baby Bust (tm) back in the 70s factored into Disney's floundering in the 70s and early 80s.

  • by King_TJ ( 85913 ) on Thursday September 05, 2024 @11:40AM (#64765388) Journal

    Disney has no shortage of bad actors. :P

  • Whoops (Score:5, Interesting)

    by slaker ( 53818 ) on Thursday September 05, 2024 @11:59AM (#64765454)

    A zillion years ago, I had a contract IT job at a Disney site because an on-site admin got deported and I was the sacrificial body they hired as a replacement. I was at that time the only IT person in a tri-state area. Disney refused to give me a place to sit or a PC authorized on its network. I just got a Nextel phone with zero numbers in it and no one I could "push to talk" to. Supposedly that phone was supposed to ring if someone needed me, but it never did. I wound up working in the server room and checking my webmail from a file server because they didn't give me anything else to use and the one and only thing they told me to do was handle user support tickets like on-site account issues or hardware problems.

    While I was there, one of a pair of giant Cisco routers on site started to fail. It was randomly dropping connections within one blade of its telco-style high density blades and I could tell one of the exhaust fans in the back had died. I didn't know a damned thing about it, so I ran it up the chain in corporate IT. Eventually I got on the line with someone senior enough to know Disney's WAN architecture... and it turned out that Disney had absolutely zero documentation on these particular devices, not even asset tags, nor could they remote in with passwords they had. This basically told me "This is a you problem not a me problem."

    And so I, as a kid on a six-month IT Support contract, went to the on-site management and explained the deal. He signed off on a same-day uncontracted support visit from a Cisco tech, who informed me that these long out of hardware support routers had never had their running config saved and both of them were probably going to die from all the toner floating around the server room, which was also home to some secured printers the on-site HR people used. But he was able to get parts and these things were designed to have parts replaced while they were running, so they did get fixed. The bill from Cisco was high five figures and as far as everyone was concerned, this was all my fault as the responsible person on site and it was very, very obvious that I was going to get crucified over it.

    About two days later, some guy shows up and introduces himself as my replacement. I was only about halfway done with my contract, but unlike me, this guy had a new laptop, new phone and an actual knowledge of operations. I was still paid for the remainder of my contract, and the one and only thing that gave me any solace over the gig, per my replacement, was that it turned out that in the massive comedy of errors that was my entire time on that job, I'd somehow been put in a Super Admin group with rights through the whole AD forest rather than just at my site or local domain and as such it was imperative that I not be allowed to touch absolutely anything on my way out the door. Nice guy though. He did at least buy my lunch.

    Yes, this was around 20 years ago, but these are not people I would trust to have their IT act together.

    • by Tablizer ( 95088 ) on Thursday September 05, 2024 @12:12PM (#64765484) Journal

      Working for large orgs is almost always a bureaucratic mess, be it gov't or private sector. Those who like merit and logic will not like bureaucracies. I don't see many books or college courses on surviving bureaucracies. They like to teach you how to run an ideal org, but not how to deal with a dysfunctional one where you are not CEO. Dilbert is perhaps the only realistic publication on it.

      • by Bongo ( 13261 )

        Those who like merit and logic will not like bureaucracies.

        This wants emblazoning across the sky and mountains.

        • by Tablizer ( 95088 )

          > emblazoning across the sky and mountains.

          We ordered that years ago, but the bureaucracy is still working on it.

      • by mjwx ( 966435 )

        Working for large orgs is almost always a bureaucratic mess, be it gov't or private sector. Those who like merit and logic will not like bureaucracies. I don't see many books or college courses on surviving bureaucracies. They like to teach you how to run an ideal org, but not how to deal with a dysfunctional one where you are not CEO. Dilbert is perhaps the only realistic publication on it.

        Because the first rule is that you can never bludgeon your way through a bureaucracy.

        But I largely agree, bureaucracy is largely a function of size and as much as it annoys me, you don't want to see what happens when a large organisation (public or private) loses its bureaucracy, it's the equivalent of a government collapsing and you end up with Jeff from accounts receivable beating people to death with a spent toner cartridge. It's one of the necessary evils of the world.

    • I like to read stories like this, not only are they entertaining for the uninitiated but it makes those that are either realize they don't have it so bad or feel some comradery. Thank you.

  • anything on forcing ESPN to be all basic TV packages?

  • 44 million messages, 18,000 spreadsheets, 13,000 PDF files. Good luck making sense of that within a reasonable time.
    • Nah, just cherry-pick the stuff that looks sinister out of context to get clicks. That's the Web Way.

    • 44 million messages, 18,000 spreadsheets, 13,000 PDF files. Good luck making sense of that within a reasonable time.

      MASSIVE MUSICAL FANFARE: AI to the rescue!

      • by leonbev ( 111395 )

        I love this idea... mostly because it will likely pollute the LLM with Disney proprietary data, ensuring that this confidential information will likely continue to get leaked in small batches for years to come.

    • 44 million messages, 18,000 spreadsheets, 13,000 PDF files. Good luck making sense of that within a reasonable time.

      Spoiler alert: Disney just generates a lot of TPS reports.

  • by bill_mcgonigle ( 4333 ) * on Thursday September 05, 2024 @01:03PM (#64765660) Homepage Journal

    It's good that WSJ journalists are shielded and can report openly.

    The City of Columbus OH is suing a security researcher for working with journalists in a similar case where the reporters allege that City management deliberately lied about what data was stolen in a ransomware exfiltration:

    https://youtu.be/HNURbRwj-X4 [youtu.be]

    It looks like the suit is part of an active coverup or at least sending a message to not challenge official coverups.

    The Streisand Effect is in full effect on this one.

  • by Odin's Raven ( 145278 ) on Thursday September 05, 2024 @01:31PM (#64765744)

    The scope of the material taken appears to be limited to public and private channels within Disney's Slack that one employee had access to.

    Disney lawyers naturally attempted to sue that one employee, but in a surprise twist it turned out that due to the Terms of Service printed on the back of a menu the employee was handed during a lunch break five years ago, the case can only be settled via arbitration, hosted at one of Disney's theme restaurants and decided by the head chef.

  • by Arrogant-Bastard ( 141720 ) on Thursday September 05, 2024 @02:21PM (#64765934)

    This is the Nth hack that's involved the release of a VERY large corpus of data from Slack. And that's not surprising, because so many companies/organizations/etc. have made the blunder of outsourcing their internal communications to Slack, thus signing themselves up for Slack's threat model instead of sticking with their own.

    And the implication of that is that while attackers may have a budget (of money, time, risk, etc.) to go after Corporation 1, and a different budget to go after Corporation 2, and Corporation 3, and so on, their budget to go after Corporations 1-500 is going to be much, much higher...because if they succeed, the payoff is potentially enormous. And this in turn is why massive leaks of Slack-resident data keep happening: it's worth attackers' resources. And not only does Slack have very little chance of defending against this, why should they? It's not their data. It's cheaper and easier to write a TOS that disclaims all responsibility, run it past the attorneys to make sure it's comprehensive, get everyone to agree to it, and then blame customers when things go sideways.

    TL;DR: using Slack is convenient, easy, slick, and a really, really bad idea.
  • Imagine where they'd be, if they didn't steal from the public domain through incessant copyright extensions.
  • 2024 - Identify healthy franchises
    2025 - Weaken them
    2026 - Identify groups to blame for franchise failure
    2027 - Discontinue resuscitation attempts.
