The hackers who breached HBO and leaked episodes of Ballers, Room 104 along with some written material allegedly from next week's Game of Thrones with threats to leak more may have stolen more than 1.5TB of data.
This is an estimated seven times more data than what was stolen in the Sony hack and has prompted the involvement of the FBI and the cybersecurity firm Mandiant which ironically also was targeted around the same time as the HBO hack and lead the investigation into the Sony breach.
The leaked data also included internal documents and email correspondence with threat actors targeting specific content and data housed in different locations, suggesting multiple points of entry, insiders told the Hollywood Reporter.
HBO chairman Richard Plepler sent an email to his staff assuring them that their email system wasn't likely breached as a result of the incident.
“At this time, we do not believe that our e-mail system as a whole has been compromised, but the forensic review is ongoing,” Plepler said in a 2 August email to his staff obtained by Entertainment Weekly.
“We are also in the process of engaging an outside firm to work with our employees to provide credit monitoring and we will be following up with those details.”
BlackBerry chief security officer Alex Manea said the entertainment industry still needs to update its security model to reflect the reality of the modern IT ecosystem as there are plenty of ways that the breach could have been prevented as all of the necessary technology is readily available.
“If Game of Thrones has taught us anything, it's that enemies will always try to find and exploit our biggest weaknesses, be they physical, mental or in this case digital,” Manea said. “And just as in the hit HBO show, our goal isn't to make our defenses impenetrable, it's to make them strong enough that hackers simply move on to easier targets.”
While commending HBO for taking a proactive approach to notifying its employees before news of the hack broke, SailPoint president and co-founder Kevin Cunningham said the breach was another example of how unstructured data stored in files, creates significant risks for organisations as it relates to exposing sensitive data.
“Even though that data runs rampant through a typical organization, 71 percent of businesses aren't sure how to manage and protect data from theft,” Cunningham said.
“Identity management solutions can help IT protect that data by managing and controlling user access across the entire organisation, regardless of who has access, from where and from what device.”
He added that visibility is more critical than ever as an organisations across every industry are facing an onslaught of breaches.