Disney To Stop Using Salesforce-Owned Slack After Hack Exposed Company Data (reuters.com)
(Thursday September 19, 2024 @11:30PM (BeauHD)
from the Slack-astrophe dept.)
- Reference: 0175087187
- News link: https://it.slashdot.org/story/24/09/19/2119252/disney-to-stop-using-salesforce-owned-slack-after-hack-exposed-company-data
- Source link: https://www.reuters.com/business/media-telecom/disney-stop-using-salesforce-owned-slack-after-hack-exposed-company-data-wsj-2024-09-19/
Disney [1]plans to transition away from using Slack as its companywide collaboration tool after a hacking group [2]leaked over a terabyte of data from the platform. Many teams at Disney have already begun moving to other enterprise-wide tools, with the full transition expected later this year. Reuters reports:
> Hacking group NullBulge had published data from thousands of Slack channels at the entertainment giant, including computer code and [3]details about unreleased projects, the Journal reported in July. The data spans more than 44 million messages from Disney's Slack workplace communications tool, WSJ reported earlier this month. The company had said in August it was investigating an unauthorized release of over a terabyte of data from one of its communication systems.
[1] https://www.reuters.com/business/media-telecom/disney-stop-using-salesforce-owned-slack-after-hack-exposed-company-data-wsj-2024-09-19/
[2] https://it.slashdot.org/story/24/07/16/1832237/hackers-claim-to-have-leaked-11-tb-of-disney-slack-messages
[3] https://yro.slashdot.org/story/24/09/05/1445200/leaked-disney-data-reveals-financial-and-strategy-secrets
Time for an on-prem messaging tool? (Score:2)
Whatever happened to on-prem messaging tools? Ages ago, ircd would be good enough, but one needs to be able to have attachments stored somewhere, and some places have documentation for long term reference.
If someone came up with something like Slack or Teams, except 100% on-prem and used interfaces to the server or load balancer, I'm sure it would be useful. Maybe even offer cloud-brokered redirection so people outside the firewall can still communicate, but all data still remains on the physical servers,
Re:Time for an on-prem messaging tool? (Score:5, Insightful)
Where I'm at we assiduously assail every cloudification effort, we're even more paranoid than our own infosec peeps. If cloud's the only way, then we do it.
We also have some infrastructure in the cloud, as a last-resort lifeboat kinda thing for email and AD and such. But it's all built by us, not some 3rd party consultant thing. We're even more paranoid than our own infosec is. They love cloud =o/
Too many people are drinking Flavor-Aid (tm) and falling for AI buzzwords. Clownstrike is an example -- we called it out something like 4 years ago and we also nixed many others.
Buying things based on marketing is retarded but that's how most managers (most, not all) do it. Directors nearly always do it. You don't buy the shiniest and prettiest, you buy the one that does the job best.
Re: (Score:2)
Totally Agree. Would +1 if I had Mod points.
Re: (Score:2)
I am going to go out on a limb and say that a lot of the cloud services can be put on-prem, with something that can do cloud brokering. For example, something like RealVNC never needs to jump a firewall in, because both machines are connecting to the cloud broker, and creating a connection from that.
If we can do this with internal file sharing and other apps, the crown jewels can remain in a secure area, while people have access without needing a VPN. Best of all worlds.
Re: (Score:1)
Then their servers would have got hacked too potentially and they'd have lost all data.
This isn't Slack's fault. Disney failed to secure it, not Slack. The only two real alternatives are Slack and Teams. Maybe if Discord went professional version they'd be a contender.
Yes, there are other chat applications out there, but they are nowhere near as powerful as Slack. This is a stupid move on Disney's part.
They can always run Spark for internal messaging or roll their own (even make it open source! tha
Matrix open standard protocol (Score:2)
> Whatever happened to on-prem messaging tools? Ages ago, ircd would be good enough, but one needs to be able to have attachments stored somewhere, and some places have documentation for long term reference.
> If someone came up with something like Slack or Teams, except 100% on-prem and used interfaces to the server or load balancer, I'm sure it would be useful. Maybe even offer cloud-brokered redirection so people outside the firewall can still communicate, but all data still remains on the physical servers, or something like AWS GovCloud with a guarantee of physical custody.
Matrix open standard protocol then? [1]https://matrix.org/
[1] https://matrix.org/
Re: (Score:2)
What on earth makes you think on-prem would be more secure than in the cloud? Are your company's IT staff better trained in security than Microsoft or AWS? Most places I've worked, there were a few guys on the IT team, and they had to juggle security concerns with a long list of other IT demands. Security issues often took a back seat, because they weren't "urgent." For Microsoft and Amazon, security is critical to their success, it's what they do, and they have the money to do it. I'd personally trust them