See what I did there? You will. After a massive data breach in July, Slack gets no Slack from Disney and is reportedly ditched by them.
According to Bleeping Computer (Disney ditching Slack after massive July data breach, written by Lawrence Abrams and available here), Disney is reportedly ditching Slack after a July data breach exposed over 1TB of confidential messages and files posted to the company’s internal communication channels.
According to CNBC, Disney has already begun migrating to new “streamlined enterprise-wide collaboration tools” and emailed employees this week to say that they will finish the migration at the end of the company’s next fiscal quarter.
This move comes after the company suffered a massive data breach in July when a threat actor named ‘NullBulge’ breached Disney’s Slack platform and stole 1.1TB of data.
Disney suffered another data breach a month earlier when 2.5GB of Club Penguin and corporate data was leaked from the company’s Confluence server on the 4chan message board.
It’s unclear how employees will communicate after moving away from Slack and whether Disney will be transitioning to another enterprise platform, like Microsoft Teams, or their own internal software.
This isn’t the only instance of an organization’s Slack instance being breached. In 2022, the Lapsus$ hacking group breached Uber’s Slack server using an employee’s stolen credentials, where they taunted employees about how they were breached.
In August 2023, threat actors breached Activision’s Slack server, stealing employee data and information about upcoming games.
Is the issue with the fact that many organizations store a large amount of data indefinitely in Slack? Or does Slack have cybersecurity shortcomings, like reportedly weak encryption? Perhaps a bit of both. If they don’t address the issue (or the perception of the issue), Slack will get no slack from organizations too when it comes to data breaches. Now you see what I did there?
So, what do you think? Do the recent data breaches involving Slack change your desire to use it? Please share any comments you might have or if you’d like to know more about a particular topic.
Disclaimer: The views represented herein are exclusively the views of the authors and speakers themselves, and do not necessarily represent the views held by my employer, my partners or my clients. eDiscovery Today is made available solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Today should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.