Get Premium
Dark mode theme is available exclusively for premium users. Learn more about the benefits of subscribing.
No fees, cancel anytime.
Dark Mode 
No fees, cancel anytime 
then open in external browser
and click "Open in External Browser" 
The life of a Disney worker took a dramatic turn when he was hacked after downloading a free AI tool to use with his children.
Matthew Van Andel, a former engineer at the renowned company, downloaded the software from the code-sharing site GitHub in February 2024.
The tool, supposedly designed to create images from text prompts, ended up being malware that gave hackers access to his personal information through a password manager.
Highlights
- Matthew Van Andel lost his job at Disney and $200k bonuses after accidentally downloading malware.
- He believed he was downloading a simple AI tool to create images from prompts.
- Hackers made 44 million Disney messages public, revealing sensitive data.
In July, five months after the download, he received a message from a stranger.
RELATED:
Matthew Van Andel was fired from Disney after the free AI tool he downloaded gave hackers access to his personal information
Image credits: GoFundMe
The message, sent via Discord, read, “I have gained access to certain sensitive information related to your personal and professional life.”
Van Andel grew worried when he realized the stranger knew details about his life he hadn’t shared with anyone else outside of work, including messages sent privately on the workplace communication tool Slack about his lunch.
When he went to the police and cut off their access, 44 million Disney messages were made public.
These contained information about the company’s theme park and streaming revenue, private customer information, and employee passport numbers.
Image credits: Nicole Van Andel
The criminal group also stole his credit card data and shared his social security number as well as login information to access his security cameras at home.
Van Andel reportedly lost control of his social media accounts, which became filled with obscene language.
The hacker told the victim that he was part of NullBulge, a Russian collective of “hacktivists” that supports the rights of artists and opposes the use of artificial intelligence. However, some suspect he was an American working alone.
Van Andel downloaded the software on the code-sharing site GitHub
Image credits: Busran/Adobe Stock (Not the actual photo)
The hackers alleged online that they had received help from a man “on the inside.”
“The user was aware we had them, he tried to kick us out once but let us walk right back in before the second time,” they said in an email to CNN.
“Disney was our target due to how it handles artist contracts, its approach to AI, and its pretty blatant disregard for the consumer.”
“If we said, ‘Hello Disney, we have all your Slack data,’ they would instantly lock down and try to take us out. In a duel, you better fire first.”
Image credits: ryanking999/Adobe Stock (Not the actual photo)
As a result of the attack, Van Andel was fired from Disney after forensic analysis of his work computer found he had accessed p*rnographic content, which he denies.
“Mr. Van Andel’s claim that he did not engage in the misconduct that led to his termination is firmly refuted by the company’s review of his company-issued device,” a spokesperson for Disney recently told the Wall Street Journal.
The victim said that his health insurance was terminated following the cyberattack, and he lost $200,000 in bonuses.
Van Andel’s sister, Christa Maier, shared: “It was a tool that they had initially downloaded just to have fun with the children. But it was polluted with something, and this would not become apparent until many months later when they were mining data.”
When the engineer cut off the hackers’ access, they retaliated by sharing 44 million Disney messages
Image credits: Nicole Van Andel
According to Christa, the hackers’ motivations were not ideological but financial.
“They initially started stealing a lot of credit card data and banking information — the normal things.
“But then they realized where he worked, and they were like, ‘We can have some additional fun with this.'”
Van Andel and his family set up a GoFundMe page following the attack to cover his legal fees and loss of income.
Van Andel reportedly lost $200,000 in bonuses and had his credit card data stolen
Image credits: GoFundMe
“This criminal has taken the most extreme measures to destroy his career, his finances, his reputation, and every aspect of his personal well-being,” the page description reads.
“The extent of these malicious acts, which are continuing to unfold, affect the life and security of not only himself but those of his family and two young children.
“We are hoping we can raise enough to ensure he can continue to undo the damage that was caused and help alleviate the financial stress the family is faced with navigating during this very difficult time out of no fault of their own.”
People reacted to the former Disney employee’s decision to download free software
Poll Question
How much responsibility should companies have in educating employees about cybersecurity risks?
A lot of responsibility
Some responsibility
Little responsibility
No responsibility
What do you think ?
David Houde 1 month ago (edited)
Ok, my biggest issue with this story is that they setup a go fund me when his bonuses were $200,000. You don't get bonuses like that on a low salary. I guess I just feel that a go fund me should be more for people with limited resources and are trying to claw their way out, not ones that made a massive bluder and are trying to trying to maintain their lifestyle.
LakotaWolf (she/her) 1 month ago
I'm not justifying it, but when I slogged through the vomituously righteous description on the GoFundMe ("Matthew did nothing wrong! The system failed him!" etc.) the fund's creator did mention that it was intended for the family's immediate expenses and also the legal representation needed in order to try and put out this dumpster fire. I agree that dude must have had a very comfortable salary, and he also lives in Tustin, CA, which is a VERY affluent city (I'm a lifelong SoCal resident, I know the area.) But legal fees can add up very quickly, and this guy probably needs a small army of lawyers to save his äss from complete immolation. It's 100% his fault, IMO (who tf downloads freeware these days with no antivirus software?!) but I know legal fees can get pricey fast. It's not a defense or justification, just reporting in on what I read on their GoFundMe XD
Load More Replies...
Sergio Bicerra 1 month ago
I downloaded a free editing program that saw in a facebook ad. The next day my gmail account was hacked from Czech Republic and lost my youtube account, gmail , google account. So yeah, don't download free stuff (not talking tou you VLC, I love you)
LakotaWolf (she/her) 1 month ago
Yep, even when they look legitimate, they might not be. My mom and sister are not tech-savvy at all. I used to explain to them over and over to never click links in emails or download attachments in emails unless they knew the sender. I showed my sister how to hover over links and emails to show what they really were, when people would send scam emails. Then, she STILL downloaded an attachment in our family business's work email. It ended up being ransomware and it locked down that computer. Luckily, I took precautions years ago and our database is on a server, and our computers are just client/slave computers. All I had to do was reformat the C: drive on that computer and reinstall the OS and nothing of value was lost. It frustrated me (and scared me!) because I had told her not to do that exact thing XD Now she calls me whenever there's a weird email in the business email inbox, and I go look at it. I guess that's progress XD
Load More Replies... LakotaWolf (she/her) 1 month ago
I had some basic sympathy until I saw that moustache. (Kidding. Sorry.) But no, I actually had a shred of sympathy until I read the GoFundMe: "...the biggest injustice here is that the one good man in this was allowed absolutely no recourse to protect himself, no path to justice or protection or comfort. The system is failing him. He did the right thing and the system was in no way designed to help protect him or to help him defend himself." - "He did the right thing and evil, immoral people have taken measures to completely destroy both him and his family for that." - "..we, his family, who are seeing the aftermath of a man who did the right thing suffer horribly in the wake of this.." He DIDN'T "do the right thing". He ISN'T an "innocent" victim. The system didn't "fail him". He effed up. He failed himself and his family by downloading a rando program from the internet. Didn't he have any antivirus/anti-malware?
Shannon Donnelly 1 month ago
Specifically downloading free software and watching porn on your WORK COMPUTER and then fessing up only after realizing just how badly you completely f*ed up!! He’s a victim of his own stupidity here, and this doesn’t warrant anyone donating their hard earned money to him. I feel badly for his family, but otherwise, I’ll save my pity for true victims.
David Houde 1 month ago (edited)
Ok, my biggest issue with this story is that they setup a go fund me when his bonuses were $200,000. You don't get bonuses like that on a low salary. I guess I just feel that a go fund me should be more for people with limited resources and are trying to claw their way out, not ones that made a massive bluder and are trying to trying to maintain their lifestyle.
LakotaWolf (she/her) 1 month ago
I'm not justifying it, but when I slogged through the vomituously righteous description on the GoFundMe ("Matthew did nothing wrong! The system failed him!" etc.) the fund's creator did mention that it was intended for the family's immediate expenses and also the legal representation needed in order to try and put out this dumpster fire. I agree that dude must have had a very comfortable salary, and he also lives in Tustin, CA, which is a VERY affluent city (I'm a lifelong SoCal resident, I know the area.) But legal fees can add up very quickly, and this guy probably needs a small army of lawyers to save his äss from complete immolation. It's 100% his fault, IMO (who tf downloads freeware these days with no antivirus software?!) but I know legal fees can get pricey fast. It's not a defense or justification, just reporting in on what I read on their GoFundMe XD
Load More Replies... Sergio Bicerra 1 month ago
I downloaded a free editing program that saw in a facebook ad. The next day my gmail account was hacked from Czech Republic and lost my youtube account, gmail , google account. So yeah, don't download free stuff (not talking tou you VLC, I love you)
LakotaWolf (she/her) 1 month ago
Yep, even when they look legitimate, they might not be. My mom and sister are not tech-savvy at all. I used to explain to them over and over to never click links in emails or download attachments in emails unless they knew the sender. I showed my sister how to hover over links and emails to show what they really were, when people would send scam emails. Then, she STILL downloaded an attachment in our family business's work email. It ended up being ransomware and it locked down that computer. Luckily, I took precautions years ago and our database is on a server, and our computers are just client/slave computers. All I had to do was reformat the C: drive on that computer and reinstall the OS and nothing of value was lost. It frustrated me (and scared me!) because I had told her not to do that exact thing XD Now she calls me whenever there's a weird email in the business email inbox, and I go look at it. I guess that's progress XD
Load More Replies... LakotaWolf (she/her) 1 month ago
I had some basic sympathy until I saw that moustache. (Kidding. Sorry.) But no, I actually had a shred of sympathy until I read the GoFundMe: "...the biggest injustice here is that the one good man in this was allowed absolutely no recourse to protect himself, no path to justice or protection or comfort. The system is failing him. He did the right thing and the system was in no way designed to help protect him or to help him defend himself." - "He did the right thing and evil, immoral people have taken measures to completely destroy both him and his family for that." - "..we, his family, who are seeing the aftermath of a man who did the right thing suffer horribly in the wake of this.." He DIDN'T "do the right thing". He ISN'T an "innocent" victim. The system didn't "fail him". He effed up. He failed himself and his family by downloading a rando program from the internet. Didn't he have any antivirus/anti-malware?
Shannon Donnelly 1 month ago
Specifically downloading free software and watching porn on your WORK COMPUTER and then fessing up only after realizing just how badly you completely f*ed up!! He’s a victim of his own stupidity here, and this doesn’t warrant anyone donating their hard earned money to him. I feel badly for his family, but otherwise, I’ll save my pity for true victims.
You May Like Police Reveal Model Fell From Dubai Construction Site, Family Believes She Was Trying To Escape Gene Hackman And Wife's Bombshell Autopsy Report Reveals Cause Of Passing Related To Rats “Bigger Than Coffee”: Thousands Line Up Outside NYC Café After Owner’s Devastating Video
Renan Duarte
Lei RV
Karina Babenok
Related on Bored Panda
19
19