Disney Hack: Man Pleads Guilty to Stealing 1.1 Terabytes of Data Over Slack

In a shocking turn of events, a California man has pleaded guilty to hacking into a Disney employee's personal computer and stealing an astonishing 1.1 terabytes of confidential data. Ryan Mitchell Kramer, 25, a resident of Santa Clarita, faces two felony charges in connection with the heist, which has left Disney reeling.

The Malicious Program

According to the plea agreement, Kramer posted a computer program on various online platforms that appeared to be used to create AI-generated art. However, this was just a ruse - the program contained a malicious file designed to gain unauthorized access to victims' computers. Popular social media and technology platforms unwittingly hosted the program, allowing it to spread far and wide.

The Hack

In April and May 2024, a Disney employee downloaded the program, unaware of its true intentions. Kramer quickly exploited this vulnerability, gaining access to the victim's personal and work accounts, including a non-public Disney Slack channel. The data contained in these channels was highly sensitive, including confidential information about Disney's corporate website, software development, job candidate assessments, and even photos of employees' dogs - all dating back to 2019.

The Threat

On July 12, Kramer contacted the victim by pretending to be a member of a fake Russian hacktivist group called “Nullbulge.” He threatened to leak their personal information and Disney Slack data unless certain demands were met. This brazen threat was soon followed by the public release of the stolen data on multiple online platforms.

The Fallout

The breach was made public just three days later, in a report by the Wall Street Journal, which revealed the full extent of the hack. The leaked files contained thousands of confidential documents and sensitive information about Disney's operations. In response to the breach, Disney stated that it was cooperating fully with law enforcement agencies and taking steps to prevent similar incidents in the future.

The Investigation

The FBI is also conducting an investigation into the breach, which has left many wondering how such a sophisticated cyber attack could have occurred in the first place. The plea agreement revealed that Kramer had previously hacked into at least two other victims' computers using his malware.

The Verdict and Next Steps

Kramer pleaded guilty to two felony charges, including one count of accessing a computer and obtaining information and one count of threatening to damage a protected computer. Each charge carries a maximum sentence of five years in federal prison. Kramer is expected to appear in United States District Court in downtown Los Angeles in the coming weeks.

As Disney continues to grapple with the fallout from this devastating breach, it remains committed to working closely with law enforcement agencies to ensure that cybercriminals like Kramer are brought to justice.