Hackers claimed attack on Disney was in retaliation for alleged use of AI. A former Disney employee's world was turned upside down when he downloaded an artificial intelligence-powered photo program, unaware that it was laced with hacking software, during a massive data breach at the entertainment giant.
In July, Matthew Van Andel, an engineer at Disney at the time, got a message on the chat forum Discord from an unknown account, which seemed to know personal, granular details that would only be possible if the individual had access to his workplace Slack chat program.
The hackers said if Van Andel, who alerted Disney to the seeming breach, didn’t comply with their demands, they would release troves of his personal information online. As the engineer raced to reset his various passwords, the hackers followed through on their threat, releasing information including his Social Security number, his login credentials to Disney systems, and even dumping info on his children’s Roblox accounts.
After the hack, Van Andel says he didn’t eat or sleep and began having panic attacks. Strangers left him unnerving voicemails, and pranksters vandalized his social media accounts. The engineer also lost his job at Disney, after a forensic analysis of his work-issued computer found he had accessed pornography, which he denies.
Security researchers believe Nullbulge may be a single American individual who used a class of malware called an infostealer, which embeds malicious code in software downloads, to carry out the cyberattack. Van Andel’s family members also say they doubt the claim the hack was motivated by an ideological grievance against Disney.
They praised him for working with Disney and authorities to investigate the incident. “When the hacker made their presence known and tried to extort our brother for additional information, he instead went directly to the authorities and put himself, his family and his reputation at risk to protect his employer,” they write on a GoFundMe page. “The hacker retaliated over his unwillingness to comply by publicly releasing personal information and attempting to make an example of him so that the next victim would comply with their sadistic demands.”.
