Skip to main content

Game of Pwns: What you need to know about the massive HBO data breach

by Paul Roberts on Thursday August 3, 2017

Contact Us
Free Demo

The hack of everyone’s favorite entertainment mill could be bigger than the hack of Sony Entertainment. We break down what happened.

Will Cersei succeed in her quest to rule the seven kingdoms, or will Daenerys Targaryen and her three, magnificent dragons carry the day? And what about the star-crossed Sansa Stark and the denizens of Winterfell?

If you’re not a Game of Thrones fan, this all sounds like gibberish to you. But if you’ve been hooked by HBO’s epic fantasy drama – now in its seventh season – these are weighty questions that bounce around in your head for days, as you await the next episode. Game of Thrones is one of the few shows to still run serially, rather than dropping a whole season at once for the binge watchers to prey on.

One thing you definitely don’t want to interrupt your revelry, however, are spoilers. (This, even though much of the drama is based on already-published fantasy novels and abound with spoilers of all sorts.) But that’s just what hackers delivered last week, in the form of leaked scripts of upcoming episodes – apparently the product of a massive hack and theft of a trove of more than 1 terabyte of data, the contents of which are still largely unknown.

The attack is being described as bigger and more devastating than the attack on Sony Pictures Entertainment in 2014. That attack was eventually linked back to the government of North Korea, resulted in embarrassing exposures of internal emails and hobbled Sony’s operations for weeks following the attack.

So what happened? Here’s what we know so far:

What: The leak of the Game of Thrones script was first reported by the entertainment industry publication Entertainment Weekly based on leaked internal emails from the company. The hackers responsible released upcoming episodes of the HBO series Ballers and Room 104, as well as a script for the coming episode of Game of Thrones. There was speculation that employee email messages may have also been pinched. In a statement Wednesday, however, HBO CEO Richard Plepler told staff that the company doesn’t believe the e-mail system “as a whole” has been compromised.

A leak website created to aggregate the stolen data offered links to scripts and downloadable episodes of HBO series such as Game of Thrones (Episodes 3 and 4 from Season 7), Ballers (Season 3 Episodes 1-3), as well as Barry 101, Room 104 and Insecure. However, that site was quickly taken down. Word is that the episodes and scripts truly have been leaked and are available online, however.

Who: Who did this? So far, nobody knows. Whoever was behind it reached out to scads of entertainment industry reporters to claim responsibility and offer proof of the hack. Reporting by James Hibberd of Entertainment Weekly (follow him @jameshibberd if you want the latest on this developing story) as well as pins the blame on a hacker that goes by the handle “Mr. Smith,” though little is known about his identity or location. It does not appear to be the same hacker responsible for an April compromise and data leak of HBO competitor Netflix. Though, without a clear idea of the identity of either individual it is impossible to know whether the two hacks are related.

How: It’s not clear how the hack was carried out. In the case of Sony, the attack was claimed by a phony “hacktivist” group calling itself the Guardians of Peace (GOP), but was linked by cyber security experts and the U.S. intelligence community back to “The Lazarus Group,” a so-called “APT” group affiliated with the DPRK, North Korea’s government. Though the exact details of that attack aren’t known, it is known that attackers compromised the account of a company information technology administrator and used that to roam freely over the company’s internal network, stealing data and planting malicious software.

In the case of HBO, hackers are also claiming to have compromised the company itself, rather than a third party. The exact attack vector isn’t known, but one link on the site offered an archive called “Viviane Passwords” containing login credentials used by Viviane Eisenberg and HBO’s Senior Vice President and legal counsel – a possible insight into the source of the leak.

Why: The motive is unclear, as was the motive for the April attack on Netflix. However, criminal extortion has to be high on the list of possibilities. Whoever is responsible for the hack has made plenty of noise about it and released some – but not all – of what he or she is said to possess. Among the un-leaked intellectual property are – according to “Mr. Smith” – full, unreleased episodes of Game of Thrones. That may indicate that the hacker is communicating with HBO executives and holding back stolen information in hopes of receiving a ransom payment. HBO is reportedly working with the FBI as well as the security firm Mandiant to investigate and recover from the breach.

Stay tuned. We’ll be covering this more as the story evolves!

Tags:  Data Breaches

Recommended Resources

The Definitive Guide to Data Loss Prevention
The Definitive Guide to Data Loss Prevention

All the essential information you need about DLP in one eBook.

6 Cybersecurity Thought Leaders on Data Protection
6 Cybersecurity Thought Leaders on Data Protection

Expert views on the challenges of today & tomorrow.

Digital Guardian Technical Overview
Digital Guardian Technical Overview

The details on our platform architecture, how it works, and your deployment options.