HBO appears to have agreed to pay hackers $250000 who hacked their account and stole scripts, shows and employee information. The hackers released an email this week from HBO in which a company executive expressed willingness to pay them the amount and also thanked the hackers for making them aware of previously unknown vulnerabilities. Both Variety and The Hollywood Reporter received a transcript of the message sent by HBO offering the hackers payment.
In that email, the executive asked for a 1-week delay and said HBO was willing to pay the $250000 as part of its bug bounty program rewarded to IT professionals rather than calling it as ransom.
“It’s interesting that they’re spinning it as a bug bounty program,” said Pablo Garcia, CEO of FFRI North America, based in Aliso Viejo, California. “They’re being extorted. If it was a bug bounty, it’d be on the up and up.”
The HBO executive instead says that the network has “been working hard since [July 23] to review all of the material that you have made available to us. In the spirit of professional cooperation, we are asking you to extend your deadline for one week.”
“This episode of the HBO hack is turning out to be a ‘Game of Thorns’ for HBO. A pre-emptive move of running a bug bounty program may have gone very far for HBO, as it would for companies that handle valuable wares.” said Ankush Johar, Director, BugsBounty.com.
The HBO leak became publicly known on July 31. The leak included an upcoming Game of Thrones script and two unreleased episodes of Ballers and Room 104 after a security breach at HBO where hackers claim to have made off with 1.5 terabytes of its data. HBO has said that it is working with law enforcement and cyber security firms to investigate the attack, which is the latest to hit a Hollywood business.
The leak may have inflicted fewer wounds on HBO than it did on Sony in 2014. But paying ransoms in such situations may not be the answer. In fact, it shows that being a bad-guy(hacking) is a good business.