California Man Pleads Guilty to 2024 Disney Slack Hack
A shocking turn of events has unfolded in the world of cybersecurity, as a California man, Ryan Mitchell Kramer, 25, has pleaded guilty to hacking into Disney's company Slack channel in 2024. The malicious hack led to the release of over 1.1 terabytes of confidential data, including sensitive information on current and prospective Disney employees, revenue figures for popular products like Disney+ and ESPN+, and login credentials that could be used to access its cloud infrastructure.
The consequences of this breach were severe, forcing Slack to drop the tool entirely last year. The incident had significant repercussions for Kramer as well, with him facing a total maximum sentence of 10 years' imprisonment, along with a fine of $500,000. In a surprising twist, Kramer admitted to gaining unauthorized access to a Disney employee's personal computer and attempting to extort them, while posing as part of a fake Russian hacktivist group called "NullBulge."
Kramer's journey into the world of cybercrime began in early 2024, when he posted a malicious computer program on online platforms like GitHub. This software was claimed to be used for creating AI-generated art, but it had an ulterior motive - to steal sensitive information from unsuspecting victims. A Disney employee, who downloaded the malicious file between April and May 2024, became Kramer's first target.
Using the login credentials obtained from the victim's accounts, Kramer was able to gain access to Disney's company Slack channel and steal a vast array of confidential data. He then reached out to the employee on the messaging platform Discord, demanding payment in exchange for not releasing the stolen data and personal information. But that wasn't all - Kramer also claimed to have gained unauthorized access to at least two other victims' computers and accounts.
"We are pleased that this individual has been charged and has agreed to plead guilty to federal charges," a Disney spokesperson told SFGATE, one of the first places to report on the incident. "We remain committed to working closely with law enforcement, as we did in this case, to ensure that cybercriminals are brought to justice."
The rise of hacking and ransomware attacks has become an alarming trend in recent years. Many of the world's largest entertainment companies have fallen victim to these types of attacks, including Sony Pictures, Netflix, HBO, and CD Projekt, developer of Cyberpunk 2077.
In 2017, a 29-year-old Iranian national was indicted for hacking HBO and demanding $6 million in Bitcoin in exchange for not posting unaired TV episodes from various HBO series, as well as a script for an upcoming Game of Thrones episode. The increasing sophistication and brazenness of these attacks serve as a stark reminder of the importance of cybersecurity awareness and robust measures to protect sensitive information.