Charlotte Gartenberg (3:43)

So what was the personal impact for him?

Robert McMillan (3:45)

It was a nightmare. This guy was extremely online, right? He's a technology person. And so he had like hundreds of online accounts. And what he found out eventually was that the hacker had not only stolen his identity, committed identity theft, had logged into his work Slack account and downloaded data from there, but he had also downloaded this person's digital life, basically, and then posted it to the Internet. The hacker got into this piece of software called 1Password, which is a password manager, something you use to simplify the process of logging into the hundreds of websites we all log into. So he had all this sensitive information stored in One Password that the hacker also accessed and also dumped online. So it was like a particularly devastating hack for him.

Charlotte Gartenberg (4:35)

Van Andel realized that his 1Password account wasn't protected by a second factor. It required just a username and a password. And he hadn't taken the extra step of turning on two factor authentication. A 1Password spokesman said once someone has a key logging Trojan program on his or her computer, an attacker has nearly unrestricted access. So the hacker gained access to Van Andel's employer, Disney. What happened?

Robert McMillan (5:02)

So he got access to Disney's Slack. It's a collaboration tool that people use to chat with each other while they're working. And sensitive information had been uploaded to Slack. The hacker downloaded a terabyte of Slack messages from Disney, and that included theme park and streaming revenue. There was private information about customers and employees, and it was just generally an embarrassing thing to have dumped in public for Disney.

Charlotte Gartenberg (5:32)

And what has Disney said about the impact of the hack?

Robert McMillan (5:35)

About a month after the hack, Disney said that they were investigating and they didn't expect it to have material impact on its operations.

Charlotte Gartenberg (5:42)

And we should note, Disney told employees after the hack that it planned to move away from Slack in an effort to streamline its collaboration tools. And so what has since happened to Van Andel?

Robert McMillan (5:54)

So eventually he handed in his laptop for a forensic analysis. It turned out that the hacker didn't get onto his corporate laptop. But when Disney looked at it, they claimed that he accessed inappropriate websites, pornographic websites on the work device, a claim that Mr. Van Andel denies, and they fired him.

Charlotte Gartenberg (6:15)

Coming up, what can you do to avoid this kind of cybersecurity nightmare? More on shoring up your own defenses after the break.

Capella University Advertisement (6:27)

Imagine what's possible when learning doesn't get in the way of life at Capella University. Our game changing flexpath learning format lets you set your own deadline so you can learn at a time and pace that works for you. It's an education you can tailor to your schedule. That means you don't have to put your life on hold to pursue your professional goals. Instead, enjoy learning your way and earn your degree without missing a beat. A different future is closer than you think with Capella University. Learn more at Capella. Edu.

Charlotte Gartenberg (7:03)

Okay, I want to widen our lens here. Is hacking getting more prevalent or harder to protect against?

Robert McMillan (7:09)

Lately it's always been hard to protect against. I've been covering cybersecurity for close to 20 years now, and there have always been problems. I think of cybersecurity as a problem that's like water kind of flowing downhill. You might dam it up at one place, but it'll just go around that and it sort of inevitably the hackers want to get on our computers. And they will find a way, because there's a very unfair equation, which is that they can be wrong as many times as they like in their attempt to get onto our computers. But we can only be wrong one time. If we make one mistake, then it can be game over. So a lot of people that I talk to in the cybersecurity world really feel that any determined hacker can get you no matter what. But if you make yourself as secure as possible, if you take some basic steps around cybersecurity, you can make yourself not the easiest target to hit.

Charlotte Gartenberg (8:04)

Okay, so there's no penicillin answer. Do this and you won't be hacked.

Robert McMillan (8:09)

Penicillin's a great actual metaphor because, you know, it was a miracle at first and now it's becoming less and less effective. Right. So what happens in cybersecurity is you get advice about what to do. People have been asking me if a VPN would have helped Dutch in this case. And VPNs were actually something that was useful 10 or 15 years ago, but their usefulness has eroded over time. It's basically a way of connecting to the Internet that essentially it's more secure. But the way we use the web anyway has become a lot more secure in the last 10 years. So it's not as important as it used to be.

Charlotte Gartenberg (8:46)

All right, there's no penicillin for this. So what are some things that I can do to try to protect myself a bit better? Make myself a, let's say, less easy target?

Robert McMillan (8:58)

We talked to the FBI for this story and they had one piece of advice that is pretty simple to follow and could really help you out. And basically what they said was, look at many people have hundreds of sites they log into, but there are some sites that are really sensitive that you really don't want anyone to get into, like your work Slack, for example, or your financial sites. Right. So when you're logging into these sites, there's often a window that appears that says remember me or keep track of who I am or something like that.

Charlotte Gartenberg (9:32)

Or like a little checkbox, Right?

Robert McMillan (9:33)

It's a little checkbox. I see it on my banking sites all the time. And they say, don't click that, because if you click that, you basically create a file on your computer that allows anyone to log into that website. And if you don't click that, then that file doesn't get created and that's one less thing that the hackers can steal and ruin your life with.

Charlotte Gartenberg (9:54)

Is there anything else I can do?

Robert McMillan (9:55)

Your important accounts should be protected with two factor authentication. And I recommend using software like Authenticator that runs on your phone and generates a code as the second factor. You can also get text messages for websites, but there is a hack called SIM swapping that if it's around a financial site, it can be really devastating to you. So it's better to use the codes on your phone than to get a text message as your second factor of authentication. But anyway, if you have accounts, if you're a high net worth or an individual and you have accounts that you're really worried about getting hacked, have one computer like a Chromebook, you know that these don't even have to cost very much money. Have one computer that you just use for your banking and don't download plugins to it and don't go to weird websites just have this be like, I'm only going to the bank. And that actually makes sense for some people.

Charlotte Gartenberg (10:52)

Robert McMillan is a reporter for the Wall Street Journal. And that's it for Tech News Briefing. Today's show was produced by Jess Jupiter with supervising producer Katherine Millsop. I'm Charlotte Gartenberg for the Wall Street Journal. We'll be back this afternoon with TNB Tech Minute. Thanks for listening.