Charlotte Gartenberg
Welcome to Tech News Briefing. It's Wednesday, March 5th. I'm Charlotte Gartenberg for the Wall Street Journal. It's a bit of a nightmare scenario. You download an artificial intelligence tool to make your workflow easier, but instead you get hacked. And what's worse, the hacker accesses all of your personal data and gets access to your employer. This nightmare scenario recently became a reality for one Disney employee. WSJ reporter Robert McMillan tells us what exactly happened and what steps you can take to make it harder for the hackers if they slide into your digital life. Bob, our listeners might remember hearing about the hack that hit Disney last July. WSJ reported that a hacking entity stole and leaked online more than a terabyte of company data, more than 44 million messages from Disney's Slack workplace communications tool. You recently profiled Matthew Van Andel, the Disney employee who downloaded the AI tool that led to the hack. What can you tell us about him?
Robert McMillan
A lot of people call him Dutch, that's his nickname. And he was a sort of mid-level technology manager at Disney, a very earnest guy who was interested in the field of artificial intelligence and how it might apply to his work and decided to learn some stuff. Many of us do things like this. We'll try and experiment with new technologies. It's very easy to load a plug-in onto your phone or onto your computer. There's just like a world of interesting technology, especially in the AI space right now. It's just blowing up. So there's all kinds of new stuff and staying on the cutting edge of that is pretty important to people who work in technology.
Charlotte Gartenberg
How did the hack happen?
Robert McMillan
It happened on GitHub, which is a website owned by Microsoft and is very, very popular with software developers, including people who are dabbling in the AI world. It's sort of a social network for coders and you can just establish your identity by posting software to it. And the hacker had created a plugin for an AI tool. So some software that helped make an AI tool called ComfyUI a little bit easier to use, and the plugin actually worked. People were using it. But unbeknownst to everyone using it, it was what we call a Trojan horse. It was software that looks like one thing, but actually ends up being malicious. Once Dutch had downloaded this to his personal computer, it gave access to this one password cache and other information on his personal computer that led to the hack. One day in July last year, he basically got a message from somebody he didn't know who made a reference to a lunch he had had just the day before. And he knew very specific details about this work lunch. There's no way this person could have known that. It wasn't something that he posted on the Internet about. And so he started to really wonder what was going on. And then as he thought back, there'd been some weird things that had happened. Financial fraud related to his credit cards and other online accounts over the past few months. And he started to wonder if maybe he had been hacked.
Charlotte Gartenberg
So what was the personal impact for him?
Robert McMillan
It was a nightmare. This guy was extremely online, right? He's a technology person. And so he had like hundreds of online accounts. And what he found out eventually was that the hacker had not only stolen his identity, committed identity theft, had logged into his work Slack account and downloaded data from there, but he had also downloaded this person's digital life, basically, and then posted it to the Internet. The hacker got into this piece of software called 1Password, which is a password manager, something you use to simplify the process of logging into the hundreds of websites we all log into. So he had all this sensitive information stored in 1Password that the hacker also accessed and also dumped online. So it was like a particularly devastating hack for him.
Charlotte Gartenberg
Van Andel realized that his 1Password account wasn't protected by a second factor. It required just a username and a password. And he hadn't taken the extra step of turning on two-factor authentication. A 1Password spokesman said once someone has a keylogging Trojan program on his or her computer, an attacker has nearly unrestricted access. So the hacker gained access to Van Andel's employer, Disney. What happened?
Robert McMillan
So he got access to Disney's Slack. It's a collaboration tool that people use to chat with each other while they're working. And sensitive information had been uploaded to Slack. The hacker downloaded a terabyte of Slack messages from Disney, and that included theme park and streaming revenue. There was private information about customers and employees, and it was just generally an embarrassing thing to have dumped in public for Disney.
Charlotte Gartenberg
And what has Disney said about the impact of the hack?
Robert McMillan
About a month after the hack, Disney said that they were investigating and they didn't expect it to have material impact on its operations.
Charlotte Gartenberg
And we should note, Disney told employees after the hack that it planned to move away from Slack in an effort to streamline its collaboration tools. And so what has since happened to Van Andel?
Robert McMillan
So eventually he handed in his laptop for a forensic analysis. It turned out that the hacker didn't get onto his corporate laptop. But when Disney looked at it, they claimed that he accessed inappropriate websites, pornographic websites on the work device, a claim that Mr. Van Andel denies, and they fired him.
Charlotte Gartenberg
Coming up, what can you do to avoid this kind of cybersecurity nightmare? More on shoring up your own defenses after the break.
Charlotte Gartenberg
Okay, I want to widen our lens here. Is hacking getting more prevalent or harder to protect against?
Robert McMillan
Lately it's always been hard to protect against. I've been covering cybersecurity for close to 20 years now, and there have always been problems. I think of cybersecurity as a problem that's like water kind of flowing downhill. You might dam it up at one place, but it'll just go around that and it sort of inevitably the hackers want to get on our computers. And they will find a way, because there's a very unfair equation, which is that they can be wrong as many times as they like in their attempt to get onto our computers. But we can only be wrong one time. If we make one mistake, then it can be game over. So a lot of people that I talk to in the cybersecurity world really feel that any determined hacker can get you no matter what. But if you make yourself as secure as possible, if you take some basic steps around cybersecurity, you can make yourself not the easiest target to hit.
Charlotte Gartenberg
Okay, so there's no penicillin answer. Do this and you won't be hacked.
Robert McMillan
Penicillin's a great actual metaphor because, you know, it was a miracle at first and now it's becoming less and less effective. Right. So what happens in cybersecurity is you get advice about what to do. People have been asking me if a VPN would have helped Dutch in this case. And VPNs were actually something that was useful 10 or 15 years ago, but their usefulness has eroded over time. It's basically a way of connecting to the Internet that essentially it's more secure. But the way we use the web anyway has become a lot more secure in the last 10 years. So it's not as important as it used to be.
Charlotte Gartenberg
All right, there's no penicillin for this. So what are some things that I can do to try to protect myself a bit better? Make myself a, let's say, less easy target?
Robert McMillan
We talked to the FBI for this story and they had one piece of advice that is pretty simple to follow and could really help you out. And basically what they said was, look at many people have hundreds of sites they log into, but there are some sites that are really sensitive that you really don't want anyone to get into, like your work Slack, for example, or your financial sites. Right. So when you're logging into these sites, there's often a window that appears that says remember me or keep track of who I am or something like that.
Charlotte Gartenberg
Or like a little checkbox, right?
Robert McMillan
It's a little checkbox. I see it on my banking sites all the time. And they say, don't click that, because if you click that, you basically create a file on your computer that allows anyone to log into that website. And if you don't click that, then that file doesn't get created and that's one less thing that the hackers can steal and ruin your life with.
Charlotte Gartenberg
Is there anything else I can do?
Robert McMillan
Your important accounts should be protected with two-factor authentication. And I recommend using software like Authenticator that runs on your phone and generates a code as the second factor. You can also get text messages for websites, but there is a hack called SIM swapping that if it's around a financial site, it can be really devastating to you. So it's better to use the codes on your phone than to get a text message as your second factor of authentication. But anyway, if you have accounts, if you're a high net worth or an individual and you have accounts that you're really worried about getting hacked, have one computer like a Chromebook, you know that these don't even have to cost very much money. Have one computer that you just use for your banking and don't download plugins to it and don't go to weird websites. Just have this be like, I'm only going to the bank. And that actually makes sense for some people.
Charlotte Gartenberg
Robert McMillan is a reporter for the Wall Street Journal. And that's it for Tech News Briefing. Today's show was produced by Jess Jupiter with supervising producer Katherine Millsop. I'm Charlotte Gartenberg for the Wall Street Journal. We'll be back this afternoon with TNB Tech Minute. Thanks for listening.
WSJ Tech News Briefing: A Disney Worker, an AI Tool, and the Hack That Ruined His Life
Release Date: March 5, 2025
Host: Charlotte Gartenberg
Reporter: Robert McMillan
In the March 5, 2025 episode of WSJ Tech News Briefing, host Charlotte Gartenberg delves into a harrowing cybersecurity incident involving a Disney employee, an artificial intelligence (AI) tool, and a subsequent hack that not only compromised personal data but also exposed sensitive company information. Reporter Robert McMillan provides an in-depth analysis of the events, their repercussions, and offers valuable cybersecurity insights for listeners.
Charlotte opens the discussion by presenting a nightmare scenario where the integration of an AI tool intended to streamline workflow backfires disastrously.
Charlotte Gartenberg [00:33]: "It's a bit of a nightmare scenario. You download an artificial intelligence tool to make your workflow easier, but instead you get hacked."
Robert McMillan elaborates on the mechanics of the hack:
Robert McMillan [02:17]: "It happened on GitHub... the hacker had created a plugin for an AI tool called ComfyUI. This plugin was a Trojan horse, appearing benign but actually malicious."
The hacker exploited this plugin to infiltrate Matthew Van Andel’s personal computer, leading to unauthorized access to his 1Password account and, consequently, Disney’s Slack communications.
Matthew Van Andel, known by the nickname "Dutch," was a mid-level technology manager at Disney, deeply invested in exploring AI applications within his work.
Robert McMillan [01:38]: "A lot of people call him Dutch... he's a very earnest guy who was interested in the field of artificial intelligence."
The personal ramifications for Van Andel were severe:
Robert McMillan [03:45]: "It was a nightmare. The hacker not only stole his identity and committed identity theft but also accessed his work Slack account and dumped his digital life online."
His failure to enable two-factor authentication on his 1Password account exacerbated the situation, providing the hacker unrestricted access once the Trojan was deployed.
Following the breach in July of the previous year, Disney faced significant backlash as over a terabyte of data, including more than 44 million Slack messages, was leaked online. This data encompassed sensitive information about theme park and streaming revenues, customer details, and employee information.
Robert McMillan [05:35]: "Disney said that they were investigating and they didn't expect it to have material impact on its operations."
In the aftermath, Disney told employees that it planned to move away from Slack in an effort to streamline its collaboration tools. The incident also had immediate personal consequences for Van Andel.
Robert McMillan [05:54]: "Disney claimed that he accessed inappropriate websites on his work device... he denied these allegations and was subsequently fired."
The discussion shifts to broader cybersecurity challenges and strategies to mitigate such risks. Robert McMillan provides expert insights:
Robert McMillan [07:09]: "Cybersecurity has always been difficult to protect against... any determined hacker can get you if you make one mistake."
He emphasizes that while absolute security is unattainable, taking proactive measures can significantly reduce vulnerability.
Drawing from FBI recommendations, Robert outlines actionable steps:
Avoid "Remember Me" Features on Sensitive Sites:
Robert McMillan [09:32]: "Don't click that checkbox... it creates a file on your computer that allows anyone to log into that website."
Implement Two-Factor Authentication (2FA):
Robert McMillan [09:55]: "Use software like Authenticator that runs on your phone and generates a code as the second factor."
Use a Dedicated Device for High-Security Activities:
Robert McMillan [10:52]: "Have one computer that you just use for your banking and don't download plugins to it."
These steps aim to create multiple layers of defense, making it harder for hackers to exploit vulnerabilities.
The episode underscores the intricate relationship between emerging technologies like AI and cybersecurity. It highlights the importance of vigilance, especially for individuals in tech-savvy roles, to safeguard both personal and organizational data. By following the recommended security practices, users can better protect themselves against the ever-evolving landscape of cyber threats.
Produced by Jess Jupiter with Supervising Producer Katherine Millsop.