That HBO Game of Thrones Hack Was Worse Than We Thought

[grimm]

Well, this isn’t terribly surprising. According to the latest dispatch from Variety, the hackers who broke into HBO’s servers and stole 1.5 terabytes of data, including at least one Game of Thrones script, also stole employee data. More specifically, the hackers made off with “thousands of Home Box Office (HBO) internal company documents.” That’s bad.

Thanks to a DMCA takedown notice, we now know that the HBO cyber heist not only included secret information about shows but also information about HBO employees. This update comes as a result of a disclosure made by a security company recently tasked with preventing links to the stolen content showing up on Google. Variety reports:

The hackers appear to have also leaked personal information of a senior HBO executive. That information, published online in a text document, contains access information to dozens of online accounts, including paid newspaper subscriptions, online banking, and personal health services. At least one of these accounts may also have given the hackers access to the executive’s work email. …

An image file published as part of the leaks … appears to show screenshots of HBO’s internal administration tools, listing employee names and email addresses and their functions within the organization.

Eeeegggghhhhhh that’s really bad. This revelation makes the HBO hack look a lot more like the dreaded Sony hack of 2014, an incident that led to bad things like leaked financial information and details of Sony executives Amazon purchases.

Initially, it appeared that the recent HBO hack was most impactful for the theft and possible leak of Game of Thrones data. The digital thieves also allegedly released unseen episodes of Ballers, Insecure, and Room 104, but those plot lines will hardly shift the scope of global politics in the same way that George R.R. Martin’s dragon-studded epic might. The new disclosure, Variety reports, also includes, “Two episodes of ‘Barry,’ the hit man comedy starring Bill Hader that is not scheduled to air until 2018 on the network.”

Let’s be honest, though. None of the leaked episode data could be nearly as damaging as private information about HBO employees. If the personal banking details of one HBO executive have already been released, there’s a good chance that the hackers have more data like that. And frankly, the notion of such sensitive information finding its way on to the internet is very, very bad for HBO.

For now, at least, it looks like HBO is working hard to contain the dissemination of the leaked information. To the company’s credit, links to download the stolen data haven’t made it on to mainstream internet forums like Reddit, though it certainly might in the coming hours and days. Let’s hope not, though. It might be fun to know what’s going to happen next on Game of Thrones. It’s no fun for unsuspecting HBO employees to deal with the disaster of their most personal information being shared around the web. 

Update 4:45pm - HBO corporate is now reassuring staff that their email inboxes were not implicated in the attack. As Entertainment Weekly reported, chairman Richard Plepler told HBO staff in an email:

As promised, I wanted to update you on our recent cyber incident and where we currently stand. There has been and will continue to be an enormous amount of speculation in the media. It is important to understand that, as is often the case, things you read may very well not be true. Many people have expressed particular concern about our e-mail system. At this time, we do not believe that our e-mail system as a whole has been compromised, but the forensic review is ongoing. We are also in the process of engaging an outside firm to work with our employees to provide credit monitoring and we will be following up with those details. Meantime, continue to do the excellent work which defines this company across all departments and know that the appropriate teams are working round the clock to manage our way through this difficult period.

That said, we still don’t know if the hackers managed to get ahold of any emails. That’s up to the hackers to reveal at this point.