News Analysis
At Dreamforce 2024, Salesforce CEO Marc Benioff showcased Disney as the gold standard for using cutting-edge technology. The entertainment giant was leveraging Salesforce’s highly-anticipated Agentforce platform to enhance park operations, improve customer flow and create magical experiences for millions of visitors.
Their integration with Salesforce’s tools was heralded as a triumph of AI-driven innovation. It told the story of what big bets and promises of AI could look like.
Yet, just days after this glowing spotlight on one of the biggest business stages anywhere, Disney made headlines again — this time for pulling the plug on Slack, Salesforce’s flagship collaboration tool. Sensitive internal communications, unreleased projects and confidential details were exposed by a hacking group earlier in the summer, and in the fallout, Disney decided to ditch Slack entirely.
Security Issues: Slack, Disney or Both?
The timing couldn’t have been worse for Salesforce’s narrative of seamless integration and trust in its ecosystem. Benioff had extolled the virtues of Slack and the security measures in place, but the breach shattered that confidence. Disney’s decision to abandon Slack sent a clear message: even if your company is an industry leader and you are doing great things with a vendor, no platform is immune to being replaced when it compromises security.
To be clear, this was no small breach. The hacking group NullBulge hit Disney hard, exposing over a terabyte of data that included login credentials, raw footage and unreleased projects. The breach was beyond embarrassing for both Disney and Slack. It raised deep concerns about the vulnerabilities inherent in Slack’s platform and Disney’s own security protocols.
Although Salesforce has maintained that the breach wasn’t a failure on its part, the incident underscored the fragile nature of cloud security, where even small lapses can lead to catastrophic leaks.
Disney’s decision to drop Slack highlights the Shared Responsibility Model in cloud security, where the service provider (Salesforce) ensures platform security, but the client (Disney) must secure data, access and configurations. While Salesforce emphasized that its security is “rock solid,” the breach demonstrated the complexities of guarding internal communications in a world where human error and social engineering remain significant threats.
This breach is a wake-up call, not just for Disney, but for any company using cloud-based tools.
Related Article: So Many Breaches, So Little Proactive Action
Disney Employees Aren’t Excited About Migrating to Teams
Despite the magnitude of the breach, not all of Disney’s 220,000 employees were on board with the shift.
Slack had become deeply embedded in the company's day-to-day operations. Employees had built archives, established workflows and grown accustomed to Slack’s multitude of features. Switching is hard and the switch to Microsoft Teams isn’t exactly being met with cheers. In fact, many employees expressed frustration over the transition, complaining that Teams didn’t offer the same experience as Slack. Conversations on workplace forums like Blind revealed that some employees suspected the decision to move away from Slack was motivated by cost-cutting, not just security concerns.
As we’ve seen across much of enterprise technology, consolidation is a significant theme as organizations try to slim down tech spend after the spending spree following the pandemic.
Many Disney employees feel that switching platforms will lead to lost productivity, disrupted workflows and hours wasted recreating archives and channels that had been painstakingly built over years. In short, a real risk with far-reaching consequences. While security was undeniably a major factor, the perception among staff was that their day-to-day needs were being sidelined in favor of executive-level decision-making.
Related Article: Teams vs. Slack Debate: Which Is Better for Collaboration?
What If It Was Email, Not Slack?
What if Disney’s email had been compromised instead of Slack? It’s impossible to imagine Disney scrapping email completely. So, what makes Slack more vulnerable and dispensable? The answer lies in how security is implemented and perceived for these two tools.
Email systems, particularly in large enterprises like Disney, are fortified by layers of security protocols that have been honed over decades of best practices and painful mistakes. These systems are typically embedded with advanced encryption, spam filters, phishing detection and user training aimed specifically at avoiding phishing and other user-based attacks. Companies regularly educate employees about the dangers of suspicious links, enforce strict password policies, and in many cases require two-factor authentication for email access.
Slack, on the other hand, although equally capable of being secured, rarely receives the same level of protection or user training as email. It’s seen as more of a casual collaboration tool than a critical communication infrastructure, and that difference in perception can lead to vulnerabilities.
For instance, while phishing tests and security protocols around email are routine, companies may not apply the same rigor to Slack — even though it stores enormous amounts of sensitive data in real time.
If Disney had implemented robust security measures like user access restrictions, stronger encryption, and comprehensive training programs for Slack, we might not even be talking about this transition. How much of this falls on Slack versus Disney? There’s enough blame to go around but, ultimately, Disney decides how to secure the platform at the administration and user level.
This difference highlights an important lesson for other companies: just because a tool is used for informal communication doesn’t mean it should have less security. The Disney breach serves as a cautionary tale about the risks of underestimating the security needs of modern collaboration tools.
Related Article: Will Chat Replace Email?
Broader Implications for Collaboration Software?
Slack, once the darling of enterprise communication, will face an uphill battle in the wake of this high-profile breach. If Disney — a major, long-term Salesforce client — can abandon Slack relatively easily, it could raise concerns for other organizations that have adopted the platform.
Conference
Oct
20
Gartner IT Symposium/Xpo Orlando 2025
Register
Conference
Oct
27
Gartner HR Symposium/Xpo Orlando 2025
Register
Are companies now more likely to reevaluate their reliance on tools like Slack, fearing similar vulnerabilities? The breach has placed a spotlight on the Shared Responsibility Model in cloud security, highlighting the fact that while service providers secure their infrastructure, the onus is on companies to manage access, configurations, and employee education. The lesson for companies could simply be to take access to all company systems as seriously as you do email and other shared, critical systems.
Companies might also start prioritizing tools that offer more robust security features out of the box or, like Disney, shift to alternatives such as Microsoft Teams, which is bundled into most companies’ existing Microsoft ecosystems (and security protocols). Microsoft’s deep integration with Office 365 might make it a safer choice — employees are already familiar with its products, and the company’s security measures have a long-standing reputation (albeit, one that has run into its own setbacks as of late).
In more extreme cases, Disney’s defection could lead other companies to reassess their entire tech stacks. Are these platforms truly indispensable, or are they easily replaceable when security is compromised? Three months may seem like a long time to transition to a new software solution but for a company with over 200,000 employees, it’s a pretty rapid shift.
Related Article: Changing Productivity Platforms Is Difficult, But Not Impossible
A Sequel Disney Wants to Avoid
Disney and Slack’s security breach serves as a cautionary tale for other companies: collaboration tools may be convenient and it may be easier to collaborate but they carry risks that must be carefully managed. As Disney navigates the transition to Microsoft Teams, it’s clear that security will continue to be a top priority — not just for Disney, but for the entire corporate world.
The broader implications are still unfolding, though. Will other companies follow Disney’s lead in reevaluating their reliance on platforms like Slack? Or will Salesforce and Slack rise to the challenge and prove that collaboration tools can be both innovative and secure (with some help from their customers)?
One thing is certain: in today’s world, no tool is too integral to escape scrutiny when security is on the line.
