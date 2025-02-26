"It's impossible to convey the sense of violation."

Last February, Disney employee Matthew Van Andel downloaded what seemed like a helpful AI tool from the developer site GitHub.

Little did he know that the decision would totally upend his life — resulting in everything from his credit cards to social security number being leaked to losing his job, as the Wall Street Journal reports.

"It's impossible to convey the sense of violation," the 42-year old Van Andel, who is the father of two boys, told the newspaper.

The software, an AI image generator, worked as advertised. But embedded into its files was a piece of malware, which a tenacious hacker used to probe Van Andel's password manager. Van Andel found out after the hacker, going by the name "Nullbulge," sent him an ominous message on Discord, a chat and VoIP platform popular with gamers.

In the message, sent last July, the hacker referred to a conversation Van Andel had with his Disney coworkers in their workplace Slack, a professional platform used by organizations for remote work.

That's what alerted him that this wasn't your typical spam message. In followup emails, the hacker threatened that if Van Andel didn't give into their demands, he'd "end up on the net."

The next day, the hacker used Van Andel's work credentials to perpetrate a massive data leak at Disney, dumping everything from private customer info to internal revenue numbers online. Van Andel's personal info was caught in the mix, including financial accounts — suddenly barraged with unsolicited bills — his social media, and even his children's Roblox logins.

In a blog post, the hacker gloated about the attack, naming Van Andel.

"1.1 terabytes of data, almost 10,000 channels, every message file possible, dumped," wrote Nullbulge, per a WSJ screenshot. "We tried to hold off until we got deeper in, but our inside man got cold feet and kicked us out! I thought we had something special Matthew J Van Andel!"

"Consider the dropping of literally every bit of personal info you have... as a warning for people in the future," the hacker added.

Van Andel claims that he immediately contacted Disney's cybersecurity "fire team" after he received the threats from the hacker. Their investigation found nothing on his work computer, but they recommended Van Andel run a thorough check on his personal desktop.

An anti-virus scan turned up the malware. But at that point, it was too late. The hacker had already gleaned enough to leak Disney's data and ruin Van Andel's life.

Van Andel knew the only way the hacker could have gained such extensive access was through his password manager, 1Password. It turned out that Van Andel had failed to secure the software with two-factor authentication. The hacker likely emplaced a keylogging Trojan virus on his home computer via the AI tool, at which point they'd have "nearly unrestricted access," a 1Password spokesman told WSJ.

Eleven days after the leak, Disney called Van Andel to tell him he was fired, depriving him of about $200,000 in bonuses and his family's healthcare. The company claimed that it found evidence that he'd accessed pornographic material on his work computer — claims that Van Andel firmly denies.

"I’m the one who got hacked," he told the Disney representative on the phone, per the WSJ.

More on data breaches: Hackers Apparently Stole the FBI's Call Logs With Confidential Informants