Downloading the artificial intelligence tool, which seemed harmless, proved to be a horrible mistake.
The Wall Street Journal interviewed a man who unintentionally enabled Disney’s huge hacking. All over Press, Adobe Stock / AOP
Matthew van Andel42, last July received a strange message on the discord platform. An unknown communicator seemed to know a lot of things he had had with his Disney colleagues.
Things that no one outside Disney should know. Things that had only been talked about on Disney’s internal slack platform.
– I have got some sensitive information about your private life and work, one message stated Wall Street Journal by.
Van Andel quickly realized that he had been hacked.
The next day, 44 million Disney’s internal Slack messages and a total of 1.1 terabytes were released online. The package included everything from customer information to employee passport numbers. The hacker had reached the platform using Van Andel IDs.
Less than a couple of weeks later, Van Andel lost his job.
Thought first as a scam
Everything had originated in February 2024.
However, the application was actually a malware that allows the hacker access to Van Andel’s computer and thus to the whole digital life.
The key was the hacker access to the Van Andel 1password Password Management Program and eventually to Disney’s internal Slack platform.
Van Andel considered the surprising message he received at Discord first as a mere scam and he had little to delete the message, but the reference to Disney’s Slack discussions made him realize that it was much more serious.
Two -step authentication in the password application could have been saved
The hacker stated that he was part of the Russian Nullbulge Hactivist group, and according to his own words, he had had access to Van Andel for five months. However, the claim is not in line with the current information of the authorities, as Nullbulge is believed to be a single American hacker.
The information stolen from Van Andel from the passwords was published online. His sometil was broken and even the children’s Roblox game accounts were hijacked.
Many of Van Andel’s user accounts were protected by two -step authentication. However, he used 1password for two -step authentication, which had been taken over by the hacker, which made extra protection useless.
Further studies revealed that the 1password account itself had not been protected by two-step authentication, which allowed the entire agreement.
Official cause of kicks: watching porn on a machine
Van Andel didn’t sleep much, didn’t eat. In addition, he began to suffer from panic attacks. Soon, disturbing SMS and calls from the unknowns began.
11 days after the detection of hacking, Van Andel received a call from the Disney HR department and was told about the termination of the employment relationship. Disney’s security team investigated Van Andel’s workshop in thoroughly after a burglary and found that he was looking at porn on his machine. Van Andel denied the claim.
At the same time, he lost $ 200,000 in bonuses. So officially because of watching porn.
Van Andel told the Wall Street Journal that he is still seeing how his leaked username and passwords are being used to use unauthorized login to his accounts.