HBO Hack: Data Breach Worse Than Sony Attacks, Full Episodes Stolen
The U.S. Federal Bureau of Investigation is reportedly joining the investigation into a hack that resulted in unreleased episodes, photos and scripts of popular HBO shows being leaked online, The Hollywood Reporter reported. It’s not yet clear how the hackers operated, but a web security expert told International Business Times that a web application may have been vulnerable.
The breach of the network’s systems resulted in 1.5 terabytes (TB) of data being stolen, including full episodes of “Ballers” and “Room 104.” Partial scripts from “Game of Thrones” were also stolen.
No episodes of the network’s most popular show have leaked online, though the greatest fear now for HBO executives is the possibility that emails and other communications may have been stolen and could be published online.
Read: 'Game of Thrones' Season 7, 'Ballers' Spoilers Leak In HBO Hack
According to the Hollywood Reporter, HBO first learned of the breach on July 27. On July 29, the company alerted its more than 2,500 employees of hack and advised them not to open any suspicious emails. By July 30, stolen documents from the company had been published online by the apparent hacker, who goes by the handle little.finger66.
The content was briefly hosted on a site called Winter-Leak, it has since been taken offline.
The data stolen from HBO — which includes photos, videos, scripts and other valuable files relating to the network’s intellectual property — reportedly had been stored in several locations, suggesting the hackers breached multiple points of entry in the company’s computer network.
While details of the hack are still sparse, Ferruh Mavituna, CEO of web security firm Netsparker, suggested to IBT that the hack may have exploited weaknesses in web applications used by the company.
“I do not have details of what vulnerability the hackers managed to exploit in HBO's case, but considering that the biggest cause of recent data breaches were web application hacks, and more specifically SQL Injection vulnerabilities, I wouldn't be surprised if it was a web application hack,” he said.
Read: Disney Hacked: New 'Pirates of the Caribbean' Movie Reportedly Held For Ransom
The 1.5TB of data marks one of the largest cyber heists to be reported. It is roughly seven times the size of the Sony Pictures hack that took place in 2014 — a hack in which full length films were stolen and published online.
Because of the size of the hack and the apparent breach of multiple HBO systems, the company now fears it, like Sony, will be subject to embarrassing and revealing internal communications and other documents not meant for public consumption being leaked online.
HBO is just the latest Hollywood entity to be targeted by hackers, but the occurrence appears more targeted and malicious than other recent incidents. Unlike the theft of “Orange Is The New Black” and the supposed theft-turned-hoax of “Pirates Of The Caribbean: Dead Men Tell No Tales,” there was no ransom attempt made against HBO.
Prior attacks also were the result of larger sweeps that just happened to produce the stolen content. In the case of HBO, the attack appeared to be targeted and persistent, hitting multiple points of entry in the company’s network.
The investigation should focus on the motivation of the hackers, Bahram Attaie, assistant professor at Syracuse University's School of Information Studies, told IBT. “There is a broad spectrum [of motivation] from monetary gain to boasting rights,” he said, noting the hackers in this instance seemingly “do not have any monetary ambitions.”
© Copyright IBTimes 2024. All rights reserved.