Man hacks Disney employee, stealing 1.1TB of company data

A California man has pleaded guilty to hacking Disney via a fake artificial intelligence (AI) platform that promised to generate AI art. Instead, it ran malicious software, allowing the hacker to steal terabytes of confidential data.

Ryan Mitchell Kramer, 25, has pleaded guilty to hacking Disney’s systems. Kramer managed to steal 1.1TB of data from the mass media and entertainment company via a malicious platform that promised to generate AI art.

The victim downloaded the program sometime between April and May of 2024, and instead of being an AI-image generator, it was actually a malicious program that allowed Kramer to access his victim’s computer.

Kramer uploaded the malicious software to various online platforms, including GitHub, where the victim supposedly downloaded the program.

Once downloaded, Kramer accessed the victim’s device and could access an account where the employee stored login credentials and passwords.

The information gathered included logins for the employee's work and personal accounts.

Kramer then accessed the employee's Slack account, a cloud-based communications platform commonly used by businesses.

The hacker harvested confidential information from Disney’s private Slack channels.

Kramer downloaded approximately 1.1 terabytes of confidential data from thousands of Disney’s Slack channels.

Following the attack, Kramer pretended to be a member of the Russia-based hacktivist group “NullBulge” and threatened to leak the employees' personal information and Disney’s confidential data.

The employee failed to respond, and Kramer did as promised – he leaked Disney’s data and the victim’s bank account, medical, and personal information on multiple sites.

But this employee wasn’t the only victim. Kramer admitted in the plea agreement that other people fell victim to the fake AI-image generator, as he managed to access the devices of at least two other victims.

Kramer entered a plea agreement and has been charged with one count of accessing a computer and harvesting information, and one count of threatening to damage a protected computer, the Department of Justice (DoJ) has revealed.