https://www.wsj.com/tech/cybersecurity/disney-employee-ai-tool-hacker-cyberattack-3700c931

A former Disney engineer, Matthew Van Andel, had his life turned upside down after downloading a seemingly harmless AI tool from GitHub. The software, intended for creating AI images, contained malware that granted hackers access to his computer and sensitive data.

The hackers stole his Disney login credentials, leading to the leak of over 44 million internal Disney Slack messages, including customer information, employee passport numbers, and financial data. They also accessed his personal accounts, stealing credit card numbers, leaking his Social Security number, and even gaining access to his home Ring cameras.

Matthew was subsequently fired from Disney after a forensic analysis of his work computer found he had accessed pornographic material, which he denies. He lost his health insurance and $200,000 in bonuses.

The incident highlights the dangers of downloading software from untrusted sources and the vulnerability of personal and corporate data to sophisticated cyberattacks. A lot of people think that content from GitHub is trustworthy, and they couldn’t be more wrong. Matthew’s case underscores the importance of strong password security, two-factor authentication, and vigilance against malicious software. He was using 1Password as his password manager but didn’t have 2FA enabled on it.