Cyber Incident Victim: Home Box Office
Date: Aug 2017
Location: United States of America
Summary
HBO experienced multiple security breaches involving unauthorized access to internal data and social media accounts. Attackers exfiltrated 1.5 terabytes of sensitive information, including unaired episodes of popular series, scripts, shooting schedules, and confidential employee communications. In a separate incident, the hacking group OurMine compromised the organization's Twitter accounts and posted security warnings. The perpetrators of the data theft demanded a multi-million-dollar ransom to prevent further leaks, and went on to publicly release actors' personal details and network credentials. HBO initially offered a smaller bounty but later ceased negotiations. An unrelated third-party error also resulted in the premature release of an episode. The breaches collectively exposed significant vulnerabilities and resulted in widespread unauthorized distribution of proprietary content.
Description
In July 2017, HBO experienced a significant cybersecurity breach resulting in the theft of approximately 1.5 terabytes of confidential data. Attackers gained access to unaired television episodes, including upcoming installments of Game of Thrones, Curb Your Enthusiasm, Insecure, Ballers, Barry, and The Deuce. The hackers subsequently issued a ransom demand exceeding $6 million, threatening to release the stolen content if unpaid. HBO initially responded by offering a $250,000 "bug bounty" payment, which cybersecurity experts interpreted as a potential stalling tactic. When negotiations failed, the attackers began systematically leaking sensitive materials, including personal contact information for Game of Thrones actors, internal network passwords, and emails from HBO's vice president for film programming. The leaked content also contained production documents such as shooting schedules and diaries from Game of Thrones Season 7. A separate operational error by HBO's Nordic and Spanish divisions through a third-party vendor accidentally released Episode 6 of Game of Thrones Season 7 prematurely, though this was unrelated to the malicious breach.

On August 16-17, 2017, HBO suffered a secondary compromise when the OurMine hacking group infiltrated multiple corporate Twitter accounts, including the main HBO profile and those dedicated to Game of Thrones and Girls. The attackers posted messages stating "Hi, OurMine are here, we are just testing your security" accompanied by the hashtag #HBOHacked. HBO regained control of the accounts within one hour and initiated an investigation into the breach. Concurrently, the original July attackers operating under the alias 'Mr Smith' released additional stolen materials, including files related to Westworld Season 2 and further Game of Thrones production documents, accompanied by the taunt "Winter really is here." HBO declined to comment on these subsequent leaks while maintaining its refusal to continue negotiations with the extortionists. The incident exposed systemic vulnerabilities in HBO's digital infrastructure and resulted in widespread unauthorized distribution of proprietary content across piracy networks.
