Hackers Threaten Media Firms After Stealing Unreleased TV Shows

A group of hackers has threatened to leak unreleased TV shows and movies belonging to Netflix and various television networks after breaching the systems of a production company. The incident once again underscores the security risks posed by third-party vendors.

The hacker group calling itself “TheDarkOverlord” has leaked several unreleased episodes from season 5 of Netflix’s TV show “Orange Is the New Black.” They obtained the files after reportedly breaching the systems of Larson Studios, an audio post-production company in Hollywood.

The hackers told DataBreaches.net that after they breached Larson Studios in December, the company had agreed to pay them 50 bitcoins to avoid having the stolen movies leaked to the public. TheDarkOverlord said Larson later changed its mind about giving in to the extortion demand.

The hackers recently changed their strategy and started targeting the companies whose movies they obtained. The first was Netflix, from which they demanded an undisclosed amount of money. The streaming giant refused to pay up, which led to the hackers leaking “Orange Is the New Black” episodes.

Netflix has confirmed that a production vendor used by several major studios had its systems compromised. The company said law enforcement authorities are aware of the incident and they have launched an investigation.

TheDarkOverlord claims to have obtained 37 TV shows and movies belonging to various networks, any of which could be targeted next.

In recent months, the group has breached the systems of several organizations, particularly ones in the healthcare sector.

This incident once again shows the risks posed by third-party vendors that fail to protect their customers’ data.

“What this highlights is the very real fact that managing risk at third-party vendors isn’t limited to regulated industries like Banking and Healthcare. Outsourcing critical services has become a way of life for companies in all industries, making the need to manage third-party risk a universal requirement. The debate over whether to pay ransom demands shouldn’t divert attention from the need to proactively manage all of the risks presented from outsourcing,” said Brad Keller, senior director of 3rd party strategy at Prevalent, a firm that develops third-party vendor management solutions.

“In addition to customer data and access to sensitive systems, those risks include: protecting all forms of intellectual property, merger and acquisition information, litigation strategies, and any other information a company wants/needs to protect,” Keller added. “While this was a hard lesson learned for Netflix, hopefully it will cause other companies to take a closer look at what they may have at risk at their vendors.”

Brian Vecci, technical evangelist at data protection firm Varonis, believes organizations should avoid doing business with vendors not capable of demonstrating that only the right users have access to sensitive data, and that they have mechanisms in place for detecting compromised users and systems.

“If you haven’t already, it’s time to make sure the third parties with whom you share data aren’t a weak link in your security chain. Vendors are hired for their expertise, and because of that they have access to and store an immense amount of their client’s data. More and more breaches start from a compromised third party, and this will have an impact on how future organizations and vendors conduct business together,” Vecci said.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
