1.5 terabytes of text is a staggering amount of data, and that is just one channel. The thought of that much ”talking" going on in one company is overwhelming.
Technology
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
Is Disney blaming the fans yet for this hack?
So we gonna finally accept that maybe all these cloud services aren't that secure
Internal slack infrastructure
Taking this part of the description at face value anyway, this sounds like the opposite of the cloud.
That being said, I still agree with the statement
I don't think Slack has a self hosted version, and does not offer IP allow listing. There's nothing preventing someone to go to https://disney.slack.com/. I think when they say "internal" they mean for internal employees, and not like a thing for fans.
I think when Disney demands an internally-hosted version of your product, then the sales team tells engineering that they'll provide one, and mark the price up accordingly. That kind of thing doesn't appear on the external listing for everyone else.
Why would Disney demand that?
Why would they choose slack if they want to host, maintain and be responsible for the internal chat themselves?
They choose slack because they do it for them so that they don't have to do it themselves. That is the selling point for them.
Businesses buy cloud services, because they do not want to manage stuff themselves.
They can still have support contracts and SLA etc from slack.
It's just that the servers slack runs on are on-prem and completely controlled by the business buying into the self hosted licence.
The benefits should be tighter security (say, can only be accessed via VPN), and for many many MAU probably lower costs. Chances are, Disney already has datacenter ops and hardware contracts.
And why choose slack? For quite a while, it was extremely common for developers (maybe even industry standard?). It had loads of features in the small market of internal chat programs. And it's easy to build extensions and integrations for.
I'm not saying that Disney is running on-prem slack, but I wouldn't be surprised if they were
Ostensibly better opsec
They do. You pay extra for it. You have to have apache or a web server configured for it, and a lot of space. Source: I configured one like 4 years ago.
I've never heard of an on prem offering, which tier is that on? None of the plans mention it? https://slack.com/pricing
Welcome to the world of B2B where 98% of products are listed nowhere and of those products you get a listing the price is either hidden or not the price anyone really pays.
That's what I hate the most in B2B. No transparency. How am I supposed to trust you if we start this way?
I can't find it now, but my company attempted to get that from Slack and IIRC it was an option but more expensive than they were willing to pay.
Just because it's not marketed doesn't mean it's not offered
That sounds like user error on Disney's part then. My company uses IP whitelisting just fine.
Nah.
In a shocking move, the wage slaves found that their bosses know that they are severely underpaid.
Huh, I looked through the website of the hacking team and they use slurs and talk about posting on 4chan, it's not a great look for a group trying to get on the good side of creative peoples imo
A lot of hacker groups originated on 4chan.
Plus in their blog post they mention that they haven't read through most of the leaks themselves so they don't even know what kind of info they might be posting about potentially unrelated people, in an attack on "AI" that won't stop disney even a little bit. Like, I understand the desire to help creative people but I don't see how this is doing that
If you're a grey-hat/chaotic-good hacker intent on exposing corporate greed or whatever, with a cache like that, you've got a couple options....either release inmediately, or review the data to minimize collateral damage and release.
If the intent was to help people, and there was no driving force to release immediately, then they should've waited and reviewed the data.
I really worry if this is going to lead to my overly-ambitious infosec group putting the kibash on our unofficial/shadow-IT (fully internal) MatterMost.
Review the data cost your time (which is work time, could be transfer into money).
So, better release it all.