Matthew Van Andel’s life was turned upside down after downloading an AI tool from GitHub that unknowingly contained malware. This led to his personal information, including financial details and his family’s data, being leaked. Despite his efforts to secure his information, the hacker used his password manager to gain access to both personal and work accounts. The data breach at Disney, where Van Andel worked, resulted in his firing, causing significant financial and personal loss.

The Shocking Consequences of a Malicious Tool Download

In February of last year, Disney employee Matthew Van Andel unknowingly downloaded an tool from GitHub that would change his life forever. Initially, the tool seemed helpful, but hidden within its files was malware designed to steal sensitive information.

The Discovery of the Hack

The hacker, who went by the name “Nullbulge,” first contacted Van Andel on Discord, referencing private conversations he had at work. It quickly became clear this was no ordinary spam, as the hacker threatened to release personal information unless Van Andel complied. The next day, the hacker leaked sensitive Disney data, including customer info and revenue numbers, along with Van Andel’s personal details—credit cards, social media accounts, and even his children’s Roblox logins.

The Path to the Breach

Van Andel later discovered that the malware had infiltrated his password manager, 1Password, because he had not enabled two-factor authentication. The hacker likely used a Trojan virus to gain unrestricted access to his computer.

The Aftermath

Despite contacting Disney’s cybersecurity team immediately, it was too late. Eleven days later, Van Andel was fired under false claims of accessing inappropriate material at work, costing him his job, bonuses, and healthcare.