Disney Plans to Stop Using Slack After Severe Data Leak

Entertainment giant Disney recently announced that they will stop using Slack as their workplace communication tool after hackers breached 1.1TB of company data. This decision was made only a few days after Salesforce CEO Marc Benioff praised Disney at the Dreamforce keynote, marking them as a prime example of Salesforce integration.

According to an internal memo, Disney plans to move from Slack to an “enterprise-wide collaboration tool”, with the transition to be made by the end of 2024. Let’s take a look at how hackers managed to infiltrate Disney’s Slack channel and examine Salesforce’s shared responsibility model in addressing such security incidents.

How Disney Got Hacked

Disney’s Slack platform was infiltrated by a Russian-based hacking group called NullBulge back in July, with 44 million messages’ worth of data released publicly from the company’s Slack channels. The Wall Street Journal reported that NullBulge revealed sensitive information such as Disney+ streaming revenue numbers, Disney Cruise Line employee data, Disneyland customer data, and more.

NullBulge exploits apps such as GitHub and Hugging Face to compromise software supply chains. SentinelOne’s threat intelligence team discovered that they trick users into downloading malicious files to breach the security of coding platforms.

From Disney’s point of view, data protection has to be a top priority; given how much data was leaked, continuing to use Slack could send a negative message to employees and users. 

Although not directly related to ongoing conversations in the Salesforce ecosystem regarding Slack integration, it doesn’t help how Slack is currently being perceived – especially with the increased competition with Microsoft Teams (which is being considered by Disney as their next option). 

Many critics have argued that Salesforce massively overpaid for Slack and that the communication platform has shown no significant improvement since the purchase. As Disney shifts away from Slack, there’s an element of pressure to address these ongoing issues to ensure the security and quality of their collaboration tools.

Is It Salesforce’s Fault?

Disney’s announcement couldn’t have come at a worse time for Salesforce, as Marc Benioff was recently singing the praises of Disney’s integration with Salesforce and highlighting his personal experience as a Disney guest. 

Benioff quickly responded to Disney’s decision when questioned at this year’s Dreamforce, reminding people of Salesforce’s Shared Responsibility Model, with accountability split between service providers and customers. Here’s how that model looked in terms of Salesforce and Slack:

Provider’s Responsibilities:

• Lock down the infrastructure
• Keep the platform secure
• Provide features and tools for better security

Customer’s Responsibilities:

• Set up security settings correctly
• Manage who can access what
• Shield against social engineering and phishing attacks
• Teach employees about best practices
• Keep an eye out for anything suspicious

When questioned, Benioff stated that Disney has to accept some responsibility for what happened to their data:

“There’s no finish line when it comes to security. But companies have to also take the right measures to prepare, prevent phishing attacks, and to lock down their employees from social engineering.

“We can do our part, but our customers also have to do their part. That’s extremely important.” Marc Benioff – CEO, Salesforce

While Benioff’s point regarding this model is fair, he does seem to gloss over the severity of the leak and how much data was actually exposed. This incident is a stark reminder of potential gaps in the security of the collaboration tools we all use.

Summary

It will be interesting to see what enterprise-wide tool Disney chooses as a replacement for Slack, with rumors that they aim to move to Microsoft Teams by the end of this year.

Either way, this decision sends a strong message to other companies using Slack, and is sure to stir up conversations regarding the security of collaboration tools.