HBO has become hackers’ latest entertainment industry target: attackers have breached the company’s servers, and they claim to have syphoned from them 1.5 terabytes of data.
The extent of the breach
The breach has been confirmed by HBO, who said that proprietary information, including some of their programming, was compromised as a result of the “cyber incident,” but did not specify what specific data was stolen.
According to Entertainment Weekly, the attackers have already leaked online unreleased episodes of Ballers and Room 104, and a script that seems to be that for the next episode of HBO’s mega-popular Game Of Thrones series.
The hackers, who do not seem interested in money but in hurting the company, have emailed many entertainment journalists and apparently shared a link to the leaked files. “Enjoy it & spread the words. Whoever spreads well, we will have an interview with him. HBO is falling,” they added.
The hackers told Wired that they’ve penetrated HBO’s network and collected “files and films and scripts and so on.” They claim they have also exfiltrated a lot of information about HBO’s staff and other internal info. Whether this is true or not remains to be seen.
The scope of the breach is yet to be determined, but if what the attackers claim is true, this hack resembles more that of Sony (in 2014) than the more recent one resulted in the leakage of unreleased Orange Is The New Black episodes, stolen from post-production company Larson Studios.
HBO has called in outside cybersecurity firms to help with the investigation, and has notified law enforcement of the incident. HBO chairman and CEO Richard Plepler has notified HBO employees of the breach via email.
“Ever since the infamous attack on Sony Pictures, there is evidently an appreciation on the part of hackers for stealing high value content such as movies and TV shows,” noted Richard Stiennon, Chief Strategy Officer at Blancco Technology Group.
Fiinal production videos are a class of information and the theft of such information can lead to extraordinary losses, he pointed out, adding that content producers and all the parties involved in shooting, editing and post-production processing and distribution should be on high alert.
“They should immediately review their data governance policies and discover the weak links in protecting their content and shore up their defenses. An information governance policy should take into account where critical content resides at all times. That content should be protected even when it’s in the hands of third party service providers. To avoid these types of losses, this type of content and all files associated with it should be securely erased when it is no longer required,” he advised.