HBO hackers who have been threatening to leak yet to be telecasted Season 7 finale of Game of Thrones, titled The Dragon and the Wolf, if HBO do not pay $6.5 million in Bitcoin, have finally leaked some parts of the series on the Internet. Collectively known as “Mr Smith“, the hacker reached out to online technology news website Mashable late in the evening yesterday revealing a data dump from the HBO leaks including “confidential plot summaries and outlines” that purportedly sum up the end of season 7. The data dump contains what they claim is the end of Season 7 of Game of Thrones.
The HBO hackers further made a revelation that they sold over 5 TB of HBO's data to three customers in the deep web market (an underground online market inside a hidden private internet) which opens up a huge possibility of the much anticipated season finale getting leaked before the scheduled date. Mashable decided not to leak the details of the finale. HBO chose to not comment on the matter.
The HBO hackers said in an email to Mashable “By the way, we officially inform you and other hundred of reporters whom emailing us that we sold ‘HBO IS FALLING's entire collection (5 TB!!!) to 3 customer in deep web and we earned half of requested ransom,” they also added “We put a condition for our respected customers and they approved. We will leak many many waves of HBO's internal stuff to punish them for playing us and set an example of greedy corporation.”
The group had demanded $6.5 million in Bitcoin to stop the leaks but HBO did not cooperate. The hackers now claim to have sold the data to deep web buyers and made over $3.2M of it.
“1.5 Terabytes is a huge amount of data. If the basic threat-intelligence and breach detection mechanisms, if in place, would have detected the leak and help mitigate the damage. This is a big lesson for HBO and others too,” said Ankush Johar, Director of BugsBounty.com, a crowd sourced security platform for ethical hackers and organisations.
HBO allegedly offered $250,000 to the “Mr Smith group” to halt the leaks but the group managed to sell the data for over a million dollars each to 3 of the dark market buyers.
Johar said that this shows a clear discrepancy between the bounty a company is willing to pay for its security and the demand for the data in the community. “A pre-emptive measure of having a bug bounty program with even a fraction of these rewards would have motivated the ethical hackers enough to report possible vulnerabilities and avoid this situation all together,” he added.