NullBulge's AI-Powered Malware Allegedly Compromises Disney Employee and Internal Data

In February 2024, Disney employee Matthew Van Andel downloaded free AI image generation software from GitHub while experimenting with artificial intelligence technology on his home computer. The software contained hidden malware that gave hackers access to his entire digital life, including his 1Password password manager and session cookies that allowed access to Disney's Slack channels. The hacker, claiming to be from the Russia-based group NullBulge, had access to Van Andel's computer for five months before contacting him in July 2024. The attacker threatened Van Andel and subsequently published over 44 million Disney messages from Slack online, including private customer information, employee passport numbers, and theme park revenue data. The hacker also leaked Van Andel's personal information including his Social Security number, credit card details, and login credentials to financial accounts and home security cameras. Van Andel's children's gaming accounts were hijacked and his social media was filled with offensive content. Disney fired Van Andel eleven days after the breach, claiming forensic analysis found pornographic material on his work computer, which he denies. He lost approximately $200,000 in bonuses and his health insurance was terminated. The incident was part of a broader campaign by the NullBulge group targeting AI and gaming communities through poisoned software repositories on platforms like GitHub and Hugging Face.