Security Experts:

Connect with us

Hi, what are you looking for?



Hackers Threaten Media Firms After Stealing Unreleased TV Shows

A group of hackers has threatened to leak unreleased TV shows and movies belonging to Netflix and various television networks after breaching the systems of a production company. The incident once again underscores the security risks posed by third-party vendors.

A group of hackers has threatened to leak unreleased TV shows and movies belonging to Netflix and various television networks after breaching the systems of a production company. The incident once again underscores the security risks posed by third-party vendors.

The hacker group calling itself “TheDarkOverlord” has leaked several unreleased episodes from season 5 of Netflix’s “Orange is the new black” TV show. They obtained the files after reportedly breaching the systems of Larson Studios, an audio post-production company in Hollywood.

The hackers told that after they breached Larson Studios in December, the company had agreed to pay them 50 bitcoins to avoid having the stolen movies leaked to the public. TheDarkOverlord said Larson later changed its mind about giving in to the extortion demand.

The hackers recently changed their strategy and started targeting the companies whose movies they obtained. The first was Netflix, from which they demanded an undisclosed amount of money. The streaming giant refused to pay up, which led to the hackers leaking “Orange is the new black” episodes.

Netflix has confirmed that a production vendor used by several major studios had its systems compromised. The company said law enforcement authorities are aware of the incident and they have launched an investigation.

TheDarkOverlord claims to have obtained 37 TV shows and movies belonging to various networks, either one of which could be targeted next.

In the past months, the group breached the systems of several organizations, particularly ones in the healthcare sector.

This incident once again shows the risks posed by third-party vendors that fail to protect their customers’ data.

“What this highlights is the very real fact that managing risk at third-party vendors isn’t limited to regulated industries like Banking and Healthcare. Outsourcing critical services has become a way of life for companies in all industries, making the need to manage third-party risk a universal requirement. The debate over whether to pay ransom demands shouldn’t divert attention from the need to proactively manage all of the risks presented from outsourcing,” said Brad Keller, senior director of 3rd party strategy at Prevalent, a firm that develops third-party vendor management solutions.

“In addition to customer data and access to sensitive systems, those risks include: protecting all forms of intellectual property, merger and acquisition information, litigation strategies, and any other information a company wants/needs to protect,” Keller added. “While this was a hard lesson learned for Netflix, hopefully it will cause other companies to take a closer look at what they may have at risk at their vendors.”

Brian Vecci, technical evangelist at data protection firm Varonis, believes organizations should avoid doing business with vendors not capable of demonstrating that only the right users have access to sensitive data, and that they have mechanisms in place for detecting compromised users and systems.

“If you haven’t already, it’s time to make sure the third parties with whom you share data aren’t a weak link in your security chain. Vendors are hired for their expertise, and because of that they have access to and store an immense amount of their client’s data. More and more breaches start from a compromised third party, and this will have an impact on how future organizations and vendors conduct business together,” Vecci said.

Related: If You’re Only as Strong as Your Allies, Should You Trust Third-Party Code?

Related: Google Open Sources Vendor Security Assessment Framework

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...


Video games developer Riot Games says source code was stolen from its development environment in a ransomware attack


Artificial intelligence is competing in another endeavor once limited to humans — creating propaganda and disinformation.


A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...