A Disney employee says his life began spiraling out of control after he downloaded an AI tool that resulted in a cyberattack that granted a hacker access to all of his personal information. Not stopping there, the hacker gained access to Disney’s internal operations including private customer and employee information.
In February 2024, Disney employee Matthew Van Andel downloaded an AI tool that helped generate images from text prompts from the code-sharing site GitHub, according to a report by the Wall Street Journal.
While the image-generating AI tool worked, it also served as malware, granting a hacker access to his computer, unbeknownst to Van Andel. From there, the hacker obtained access to Van Andel’s 1Password account, used to store passwords, other sensitive information, and even digital files granting him access to Disney’s internal Slack channel.
The hacker, known as Nullbulge, is most likely just one person from the United States, according to researchers.
In July, after being on Van Andel’s computer for five months, Nullbulge sent him a message, writing, “I have gained access to certain sensitive information related to your personal and professional life.” The hacker’s messages also included information that Van Andel knew nobody outside of Disney was privy to, causing him to realize that he had, in fact, suffered a cyber attack.
The following day, Disney’s afternoon Slack exchange was reportedly published to the internet, prompting the company’s cybersecurity team to take action. The data dump included private customer information and employee passport numbers, among additional information. While Van Andel was on the phone with Disney’s cybersecurity team, the hacker messaged him, “Respond, do what we want, or end up on the net.”
But his correspondence apparently did not appease the hacker, who turned around the next morning and posted every piece of login information from Van Andel’s 1Password account to the internet.
Van Andel reportedly lost sleep and suffered panic attacks while his credit cards racked up bills and his personal information — ranging from his Social Security number to access to Ring cameras inside his home — was posted online.
After that, Van Andel began receiving “creepy” phone calls and text messages from complete strangers. “It’s impossible to convey the sense of violation,” he said.
A few weeks after that, Disney fired Van Andel, explaining that an analysis of his work computer found he had accessed pornographic material from the laptop. The Disney employee denied using his work computer to access porn, arguing, “I’m the one who got hacked.”
Van Andel’s attempts to clear his name with Disney’s HR, however, were futile, and he ended up losing his health insurance, as well as an estimated $200,000 in bonuses.
In an attempt to get his life back, Van Andel has reportedly taken up contract work to help pay the bills, while his sister set up a GoFundMe campaign to ask for donations. Van Andel’s attorney, meanwhile, sent a demand letter to Disney on December 19, seeking an eight-figure settlement for lost wages and emotional distress.
To this day, Van Andel says that he can still see hackers trying to use his now-changed password information in an attempt to break into his accounts.
Alana Mastrangelo is a reporter for Breitbart News. You can follow her on Facebook and X at @ARmastrangelo, and on Instagram.
Read the full article here
