February 28, 2025 - A Disney employee’s seemingly innocent download of an AI-powered tool from GitHub spiraled into a devastating breach that compromised both his personal life and the company’s internal operations. The incident highlights the growing risks of malware-laced software, as well as the vulnerabilities of workplace collaboration platforms like Slack and developer tools such as GitHub.

In February 2024, Matthew Van Andel, a Disney engineer, unknowingly opened the door to a hacker by installing an AI image-generation tool from GitHub. While the tool functioned as expected, it harbored malicious code that allowed the hacker to infiltrate Van Andel’s system. The malware provided access to his password manager which, among other things, contained credentials to Disney’s internal Slack channels.

For months, Van Andel remained unaware of the intrusion. Then, in July the hacker made his presence known with a direct message: “I have gained access to certain sensitive information related to your personal and professional life.” The hacker backed up the threat by referencing details only someone with inside access could know.

A day later the hacker leaked 1.1 terabytes of Disney’s private data, exposing confidential customer records, employee passport numbers, and internal discussions. The hacker further escalated the attack by dumping the entirety of Van Andel’s password manager credentials online, leading to an avalanche of personal threats, financial fraud, and identity theft against him.

Van Andel’s ordeal didn’t end there. Strangers began harassing him through phone calls and messages, and his social security number, bank details, and even access to his home security cameras were compromised. He suffered extreme stress, panic attacks, and financial losses as his credit cards were maxed out by cybercriminals.

Instead of receiving support from his employer, Van Andel was terminated by Disney following an internal forensic investigation that allegedly uncovered inappropriate material on his work computer. He denied the allegations, arguing that he was the victim of a sophisticated cyberattack. His dismissal cost him his health insurance and an estimated $200,000 in bonuses.

He is now suing Disney and trying to rebuild his life, taking on contract work while his family has launched a crowdfunding campaign to help with expenses.

In response to the breach, Disney announced that it would be transitioning away from Slack as its primary workplace communication tool, opting for a more secure enterprise collaboration platform. This decision came just days after Salesforce CEO Marc Benioff publicly praised Disney’s use of Slack, creating an awkward juxtaposition.

While Salesforce maintains that security is a shared responsibility between platform providers and users, critics argue that collaboration tools need stronger built-in safeguards. The Disney breach serves as a stark warning to other corporations about the potential risks of third-party messaging platforms.

This cyberattack underscores the dangers of downloading software from open-source platforms like GitHub without proper vetting. While GitHub is an invaluable resource for developers, it also provides a breeding ground for cybercriminals who disguise malware as useful tools. The incident highlights the need for stricter oversight and better security measures in the software supply chain.

Similarly, the breach has raised concerns about Slack’s security. While Slack has security features in place, its reliance on user-controlled access settings leaves room for exploitation. Disney’s decision to abandon Slack could serve as a warning to other enterprises evaluating the risks of using third-party collaboration tools for sensitive internal communications.

Van Andel’s story serves as a cautionary tale for both individuals and corporations. To avoid similar attacks, cybersecurity experts recommend the following:

• ·        Verify software sources: Only download tools from trusted, verified publishers.
• ·        Use multi-factor authentication (MFA): Even if passwords are compromised, MFA can prevent unauthorized access.
• ·        Regularly monitor access logs: Identifying unusual activity early can prevent extensive damage.
• ·        Limit credential storage in password managers: Sensitive information should be compartmentalized to minimize exposure.
• ·        Conduct regular employee training: Phishing and social engineering attacks remain leading methods of infiltration.

As cyber threats continue to evolve, companies must take proactive steps to secure their data, while employees should exercise greater caution when downloading third-party applications. The Disney breach is a sobering reminder that one small mistake can lead to catastrophic consequences. 

by Jim Malmberg

Note: When posting a comment, please sign-in first if you want a response. If you are not registered, click here. Registration is easy and free.

Follow ACCESS