The hackers behind HBO’s recent breach have leaked a screenshot of an email that shows a senior vp for the network offering the hackers $250,000 as a “bug bounty payment.”
In what appears to be an effort to embarrass HBO, the email dated July 27 and obtained by The Hollywood Reporter indicates a negotiation going on between the network and the hackers. But the HBO executive’s missive to the hackers is carefully worded and avoids language that would be construed as paying off the hackers and instead is framed as an offer for a reward for discovering vulnerabilities in HBO’s system.
The HBO executive instead says that the network has “been working hard since [July 23] to review all of the material that you have made available to us. … In the spirit of professional cooperation, we are asking you to extend your deadline for one week.” The email continues, “As a show of good faith on our side, we are willing to commit to making a bug bounty payment of $250,000 to you as soon as we can establish the necessary account and acquire bitcoin.”
It is unclear if the HBO email is authentic or if it has been doctored in any way. However, the email to THR is from the same account going by “Mr. Smith” that has sent previous messages and proof of stolen content. THR has confirmed that the executive works for HBO in a technology capacity. HBO declined comment.
“We also have not been able to put into place the necessary infrastructure to be able to make a large payment in bitcoin, although we are taking steps to do so as you suggested,” the HBO exec says in the email.
On Aug. 3, the hackers sent an email to THR indicating their motive. “It’s just about money. We have weeks of negotiations with HBO officials, but they broke their promises and want to play with us…,” the email said.
The hackers claim to have 1.5 terabytes of data stolen from HBO. So far, they have released some unaired episodes of HBO content including Ballers and Room 104. On Monday, the hackers released a cache of data that contained a script summary for Sunday’s Game of Thrones episode as well as 30 days’ worth of emails from a programming executive. However, it does not appear that anyone other than journalists have been able to find the link that contains the files.
In that same data dump, the hackers included what appeared to be their original demands in the form of a video letter to HBO CEO Richard Plepler that says, “We successfully breached into your huge network. … HBO was one of our difficult targets to deal with but we succeeded (it took about 6 months).” In the letter to Plepler, which unfolds as a scroll set to ominous music, the hackers demand money, though the figure was redacted.
Hollywood hacking victims are typically loath to acknowledge that they pay up or even offer to make a payment, as it would set a precedent that could have a ripple effect in the industry. However, in the recent wave of attacks that have hit the industry over the past year, at least one victim has paid the hackers. It is also possible that HBO had no intention of paying the hackers any money and was looking for a way to stall for more time to ascertain the scope of the breach before stolen items were released on the internet.