For two weeks a hacker has leaked stolen information from pay-TV network HBO in dribs and drabs, including “Game of Thrones” plot lines, unaired episodes of “Curb Your Enthusiasm” and, reportedly, actors’ personal information.
The incremental data dumps have caused prolonged and widespread anxiety in Hollywood about the entertainment industry’s vulnerability to cybercrime, following recent attacks — and, occasionally, bogus threats — against the likes of Netflix and Walt Disney Co.
So far, though, it appears that the damage to HBO has been less than the hacker originally advertised. HBO says it is not negotiating with the hacker, and much of the stolen material does not appear to be easily accessible to the general public, severely limiting the impact of the breach.
In the latest round of leaks, a hacker going by the name “Mr. Smith” sent media outlets, including the Los Angeles Times, links to video files containing multiple episodes of the long-awaited ninth season of “Curb Your Enthusiasm,” which is scheduled to debut in October. Other affected shows include “Insecure” and “Ballers.”
However, it’s still unclear if people other than journalists have been able to access the pilfered material. Tech website TorrentFreak said it had scoured multiple piracy portals online and had yet to find the new episodes.
“It appears that the various journalists who received the latest batch of ... links are not very eager to post them in public,” the site said in a blog post.
Moreover, the new batch did not contain episodes from HBO’s flagship program “Game of Thrones,” which draws millions of viewers a week. In previous rounds, the hacker released preliminary outlines for upcoming “Game of Thrones” episodes.
To be sure, the attack is still a major headache for HBO, which acknowledged the incident last month, saying it was working with law enforcement and outside security experts. Hackers claimed to have swiped 1.5 terabytes of information, including episodes and internal documents such as emails. HBO Chief Executive Richard Plepler told employees that there was no evidence that the company’s email system has been compromised.
Stolen emails were a source of much embarrassment for top executives in the aftermath of the Sony hack. Even worse were the troves of personal data, including healthcare information, that Sony’s attackers unleashed onto the Web. In October 2015, Sony agreed to settle a class-action lawsuit by paying up to $8 million to reimburse employees for identity-theft losses, preventive measures and legal fees.
HBO, in a pointed statement Sunday, said the hacker responsible for the breach is putting out material piece by piece to sustain media attention.
“We are not in communication with the hacker and we’re not going to comment every time a new piece of information is released,” HBO said. “The hacker may continue to drop bits and pieces of stolen information in an attempt to generate media attention. That’s a game we’re not going to participate in.”
“Obviously, no company wants their proprietary information stolen and released on the Internet. Transparency with our employees, partners and the creative talent that works with us has been our focus throughout this incident and will remain our focus as we move forward.”
HBO had sent a note to the hacker offering $250,000 to participate in the company’s “bug bounty” program, in which computer experts are paid for pointing out vulnerabilities, but that appears to have been a delay tactic.
For HBO, one challenge right now may be to make sure the attack is over, and that additional material isn’t vulnerable to theft, said Brian Finch, a Washington, D.C., lawyer and lobbyist specializing in cybersecurity issues. “You need to be prepared to … identify what was actually taken versus what was just alleged to be taken,” he said.
Los Angeles Times staff writer Jill Leovy contributed to this report.