What happened

Disney engineer Matthew Van Andel downloaded what he believed to be a legitimate AI tool for creating images from text prompts onto his personal computer from the GitHub code-sharing platform.

However, the software contained malware-infected AI software, including a keylogger, allowing hackers to see every keystroke Van Andel made. It also provided access to his 1Password password management account. 

Hacker group Nullbulge then contacted Van Andel via Discord, revealing they had accessed sensitive details about his personal and professional life. 

The situation escalated rapidly, resulting in:

• The release of 44 million Disney messages online, exposing private customer data, employee information and confidential company details.

• Publication of Van Andel's personal information, including his Social Security number, login credentials, and even his children's online gaming account details.

• Unauthorised charges on Van Andel's credit cards and attempts to access his private accounts.

• Van Andel's termination from Disney, loss of health insurance, and the forfeiture of approximately USD 200,000 in bonuses.

• Ongoing harassment, including unnerving voicemails from strangers and vandalism of his social media accounts.

Why it happened

Nullbulge aimed to expose Disney's internal communications and data due to its perceived misuse of AI and inappropriate handling of artist contracts.

Van Andel's compromised device provided the hackers with the necessary access to Disney's systems.