You will be redirected back to your article in seconds

HBO Hacks and Leaks: How Much Have They Hurt the Business?

HBO has endured an uncomfortable bummer of a summer of hacks and episodes of original series leaking out into the internet wild, including from its tentpole “Game of Thrones” franchise.

The cyber-chaos — whether driven by money, mischief, malice or just plain mistakes — may well continue: It’s possible that whoever was behind the massive hack of the programmer’s networks perpetrated in July has additional data dumps in store. The anonymous hacker, who has called himself “Mr. Smith” in some communiques, has demanded millions in ransom payments from HBO.

But how much has HBO really been harmed? Observers say that the Time Warner-owned network hasn’t sustained any serious blows to its finances or reputation, especially compared with the 2014 cyberattack on Sony Pictures Entertainment that nearly pulled the studio under.

“In the pantheon of hacks and corporate fallout from them, HBO is getting off light so far to date,” said Stephen Beck, managing partner of management consultancy cg42.

HBO has had a string of digital headaches: The hack has resulted in the release of a “Game of Thrones” script and episodes of HBO shows including “Ballers” and “Curb Your Enthusiasm.” Separately, two “Game of Thrones” episodes have been pirated before their premiere this season — episode 4, attributed to employees of a vendor working with HBO partner Sky India; and episode 6, which leaked online after it was inadvertently published by HBO’s European services. And on Wednesday night, a notorious hacking gang hijacked HBO’s Twitter and Facebook accounts.

Those may be an unfortunate confluence of events, or it could be that HBO has been singled out for attack. “Once you’ve been compromised, you’re seen as someone who’s been attacked and is vulnerable,” said Dimitri Sirota, co-founder and CEO of BigID, a security software vendor.

It’s impossible right now to determine the full cost of the hack, because even HBO might not know the full extent of what’s in the 1.5 terabytes of data the hackers claim they’ve stolen, said Tim Crosby, senior cybersecurity consultant for Spohn Security Solutions. A security contractor enlisted by HBO disclosed that the hackers obtained “thousands of internal documents.”

With any data breach, there are costs for legal reviews, security remediation, and forensics investigations. “It’s unfortunately become a cost of doing business today,” said Mark Lobel, principal in PwC’s U.S. advisory practice and leader of its cybersecurity team for the technology, media and telecom sector. “These types of attacks against media companies are happening a lot, and many are not reported publicly.”

Still, the damage from the hacks and the other leaks appears to be limited. In fact, “Game of Thrones” scored the series’ best-ever ratings for the Aug. 6 airing even with the leak three days beforehand. Season to date, “GOT” episodes are averaging nearly 30 million viewers across all platforms, 38% more than the same point in time versus last season. HBO half-hour comedies “Ballers” and “Insecure,” both of which had episodes leaked by the hacker, have each set record highs for viewing on Sunday nights this summer, according to the network.

Experts say it’s unlikely HBO has lost subscribers or that its brand has been tarnished. “They have some public sympathy – they didn’t do anything wrong,” said Carl Folta, a veteran entertainment PR exec. “They are the victims here.”

A big difference between the Sony and HBO hacks is that in HBO’s case, there hasn’t been much private email or employee personal information divulged. The hacker group did leak about a month’s worth of emails from one senior HBO executive. But the contents of those haven’t been published, as Sony’s emails were — which corroded the studio’s relations with talent, employees and partners. (HBO CEO Richard Plepler has told employees that the network doesn’t believe the email system “as a whole” has been compromised.)

In many ways, the HBO leaks arguably have been unpaid promotion for the network. The latest episode leak even spawned a trending hashtag on Twitter, , on Thursday.

“Obviously, no company wants their proprietary information stolen and posted online,” said Beck. “But this amounts to free marketing.” Recall the quip from Time Warner CEO Jeff Bewkes, who said on an earnings call in 2013 that “Game of Thrones” piracy was “better than an Emmy” in terms of driving buzz.

HBO, for its part, has said it is not in communication with the hacker and that its priorities are to maintain transparency with employees and partners about the incident. “We’re not going to comment every time a new piece of information is released,” the network said in a statement Sunday. “The hacker may continue to drop bits and pieces of stolen information in an attempt to generate media attention. That’s a game we’re not going to participate in.”

Industry analysts say HBO has done a good job in responding quickly with public and internal messaging. One of the mistakes companies that have been hit by a data-security breach often make is that they release partial or inaccurate information, said PwC’s Lobel. “They release a hypothesis and not facts,” he said. “That just extends the story. In many cases the hackers are trying to kill you by a death by a thousand cuts.”

As for HBO’s decision to offer a $250,000 payoff to the hacker, aiming to fend off the release of any purloined episodes or information, experts say there’s no right answer in what to do in this case. A source familiar with the matter said the offer of the “bug bounty” was a stall tactic by HBO as it assessed the situation.

Some experts say it’s never advisable to make payouts to cybercriminals, although they say that does sometimes happen quietly. “It’s the same reason the U.S. government doesn’t pay ransom for kidnapped Americans,” said Brian Pearce, COO of Beyond Security, which sells network-vulnerability testing tools. “It paints a giant target on not only on the back of the company, but the entire industry they’re in.”

Other say offering payments to hackers can be a reasonable step to negotiate a settlement to limit the fallout, or to figure out if the attackers really have anything of value. Additionally, the tactic of offering payment might be part of an effort to gather more info about the hackers so that law enforcement can track them down.

In any case, internet-borne threats will continue. Tools that cybercriminals have access to are very user friendly and easily available. With a monetary incentive, they will be relentless. “Your adversaries are getting smarter, so you have to get smarter,” said BigID’s Sirota.

The “Game of Thrones” script provides a lesson in architecting a data-security defense, according to Sirota. The Wall, the huge barrier of ice in the north of Westeros, doesn’t stop the White Walkers from breaking through. In the same way, in trying to protect their networks, “Companies try to build bigger walls and deeper moats, but there will always be ways to get around that.” Sirota recommends deploying a variety of more agile and intelligent defenses, such as “honeypots,” which are false targets designed to attract and trap an attacker.

The HBO hack and related events have once again spurred media and entertainment companies to consider how susceptible they are to similar attacks. The real danger is believing they are safe, said Spohn Security’s Crosby: “There are lots of people who will forget this. They’re more interested in focusing on something else.”

More Digital

  • Wanda Sykes Silicon Valleywood

    Wanda Sykes on Doing Business With Netflix: 'They Moved That Comma'

    MENLO PARK, Calif. — Wanda Sykes wears a lot of hats as a comedian, writer, producer and entrepreneur, and that gives her a keen sense of the ever-growing content marketplace. She also has a very clear understanding of what she’s worth in dollars and cents, as she shared Tuesday in her Q&A at Variety’s Silicon [...]

  • snapchat-logo

    Snapchat Gains 4 Million Users in Q1 as Snap Beats Earnings Estimates

    Snap beat Wall Street estimates on the top and bottom in the first quarter of 2019 — and managed to show an uptick in Snapchat users for the first time in a year. Revenue for the quarter was $320 million, up 39% year over year, while it narrowed its net loss to $310.4 million in [...]

  • Jim Lanzone

    CBS Interactive Chief Jim Lanzone: 'We Have a Tiger by the Tail' With Streaming Growth

    MENLO PARK, Calif. — CBS All Access can’t serve up addressable advertising inventory fast enough for marketers hungry to reach consumers watching premium video online. That was the upbeat outlook shared by CBS Interactive CEO Jim Lanzone during his keynote address on Tuesday at Variety’s Silicon Valleywood presented by PwC. “There’s not a form of advertising [...]

  • Fidji SimoFacebook Watch Executive panel, TCA

    Facebook Exec Fidji Simo: Restricting Facebook Live Could Hurt Minorities

    Facebook vice president Fidji Simo told the audience of Variety’s Silicon Valleywood presented by PwC on Tuesday that the company was carefully evaluating how to increase the safety of its live streaming feature in the wake of the New Zealand massacre. “We know that we need to do more to protect people on live,” she said, [...]

  • Reddit

    Reddit Rolls Out Collections and Events Posts to All Communities (EXCLUSIVE)

    After testing them with “Game of Thrones” fans and a few dozen other Subreddits for the past couple of months, Reddit is now launching two new post types to its entire user base: Events will help communities with discussions about TV show episodes, awards shows, breaking news and more; Collections will help to curate posts, [...]

  • silicon valleywood Wanda Sykes

    Silicon Valleywood Confab Will Mine Maximum Data Strategies

    As Apple’s recent star-studded event for its new TV streaming service demonstrated, the worlds of entertainment and technology are becoming increasingly intertwined — a convergence Variety will explore during its inaugural Silicon Valleywood Summit on April 23 in Menlo Park. Entertainment leaders will join tech giants on the latter industry’s home turf to discuss how [...]

More From Our Brands

Access exclusive content