The hackers behind HBO’s recent breach have leaked a screenshot of an email that shows a senior official for the network offering the hackers $250,000 as a “bug bounty payment.”
Home Box Office (HBO) is the premium television programming subsidiary of Time Warner and the world’s most successful pay TV service, providing two television services-HBO and Cinemax- to approximately 127 million subscribers worldwide.
The hackers claim to have 1.5 terabytes of data stolen from HBO.
The email dated July 27 and obtained by The Hollywood Reporter indicates a negotiation going on between the network and the hackers. But the HBO executive’s missive to the hackers is carefully worded and avoids language that would be construed as paying off the hackers and instead is framed as an offer for a reward for discovering vulnerabilities in HBO’s system.
The HBO executive instead says that the network has “been working hard since [July 23] to review all of the material that you have made available to us. In the spirit of professional cooperation, we are asking you to extend your deadline for one week.” The email continues, “As a show of good faith on our side, we are willing to commit to making a bug bounty payment of $250,000 to you as soon as we can establish the necessary account and acquire bitcoin.”
It is unclear, as the report says, if the HBO email is authentic or if it has been doctored in any way. However, the email to THR is from the same account going by “Mr Smith” that has sent previous messages and proof of stolen content. THR has confirmed that the executive works for HBO in a technology capacity. HBO declined comment.
“We also have not been able to put into place the necessary infrastructure to be able to make a large payment in bitcoin, although we are taking steps to do so as you suggested,” the HBO exec says in the email.
Commenting on the development, Ankush Johar, Director, BugsBounty.com said, “This episode of the HBO hack is turning out to be a ‘Game of Thorns’ for HBO. As far back as July 27, HBO got into a negotiation with the hackers, it appears. A pre-emptive move of running a bug bounty program may have gone very far for HBO, as it would for companies that handle valuable wares.”
“There is a possibility that HBO’s pre-emptive bug bounty program may have yielded a better security posture for them, avoiding this situation altogether. Ethical hackers are helping hundreds of corporations as well as the US Department of Defense very successfully,” he added.
BugsBounty is India’s largest community of ethical hackers and the fourth ever such community in the world. BB works with over 100 clients including banks and media companies to simulate real world hacking situations, with the best hackers the world has to offer.
Hollywood hacking victims are typically loath to acknowledge that they pay up or even offer to make a payment, as it would set a precedent that could have a ripple effect in the industry.