HBO Hack and Leaks

The hackers claim to have stolen HBO's entire email database, including emails of its employees, contractors, and Game Of Thrones filming crew. The hackers also claim to have stolen 1.5 terabytes worth of data; which includes both video content and employees' documents.

First Published 4th August 2017

HBO Hack and Leaks

 Hackers are coming.

4 min read  |  Reflare Research Team

US television network Home Box Office, Inc - better known as HBO - was hit by a large-scale hacking attack and an associated leaking of confidential files last week.

In this briefing, we will take a look at the details of the breach, unusual press coverage and potential mitigation strategies in the media industry.


HBO was hacked by a so far unknown group of attackers who subsequently stole a reported 1.5 terabytes worth of data from HBO servers. This data contained several unaired episodes of popular TV shows produced by HBO as well as unspecified other files.

The network chooses not to release significant details on the attacks as internal investigations are ongoing. The only confirmed details provided by HBO Chairman Mr. Richard Plepler provide us with the following points:

Third-Party Security Providers were brought in to investigate the breach

This is standard procedure during large breaches in non-IT companies. The capabilities required for adequate forensic discovery are not commonly found in such environments. The use of third-party vendors further allows victims of cyber attacks to make sure potential inside attackers have a harder time covering their tracks.

HBO does not believe the e-mail system as a whole to have been compromised

This wording is very interesting as it implies that at least parts of the email system were compromised or used in the attacks. Spear Phishing - the use of highly researched and targeted fake emails against individuals to trick them into performing actions useful to the attacker - is one of the most common attack vectors against large companies.

HBO intends to hire an outside firm to perform credit monitoring for employees

This indicates that at least some of the information stolen during the attacks may be used to either steal the identities of employees or perform transactions on their behalf using other methods.

Press Coverage

The leaks enjoyed relatively large attention from both the general public and media outlets. Notably, media sources not commonly covering cyber security topics but heavily focused on movies, TV and celebrities such as the Hollywood Reporter, Variety and Vanity Fair provided some of the most detailed and timely coverage of the incident.

This is likely to have exposed a segment of the population to coverage of a cyber attack that is not usually exposed to it. The impact on popular opinion remains to be seen.


Media companies are prime targets for cyber attacks. In addition to attackers motivated by monetary gain, their central role in modern culture they also have to deal with attackers motivated by a political agenda. Movie productions require a lot of technology but are not a subset of IT, meaning that a lot of complex technology is used by staff unlikely to have a strong background in common IT security practices. In addition to good policy and regular auditing, this makes employee-wide training an incredibly strong tool when protecting such entities.

Subscribe by email