In a significant data breach, hacktivist group NullBulge has infiltrated Disney’s internal Slack infrastructure, leaking 1.2TB of sensitive data. This breach, posted on the cybercrime platform Breach Forums on July 12, 2024, exposes many of Disney’s internal communications, compromising messages, files, code, and other proprietary information.

  • douglasg14b@lemmy.world
    link
    fedilink
    English
    arrow-up
    6
    ·
    edit-2
    4 months ago

    Depends. Our engineering slack (Few thousand members) doesn’t contain secrets for a few reasons:

    1. Secret scanning
    2. We have a /secret bot that will take your secret, store it securely, and then present a GUI for each person with access to display that secret “for just that person”. And then after a set period of time it’s made inaccessible, and wiped from the infra.
    3. Training and knowledge transfer on secret security

    This has been incredibly effective. Especially the secret bot.

    Turns out that the problem with people sharing secrets is just a matter of convenience. If you make a secure way convenient then everyone tends to just use it by default.