×
You will be redirected back to your article in seconds

HBO Hacks and Leaks: How Much Have They Hurt the Business?

HBO has endured an uncomfortable bummer of a summer of hacks and episodes of original series leaking out into the internet wild, including from its tentpole “Game of Thrones” franchise.

The cyber-chaos — whether driven by money, mischief, malice or just plain mistakes — may well continue: It’s possible that whoever was behind the massive hack of the programmer’s networks perpetrated in July has additional data dumps in store. The anonymous hacker, who has called himself “Mr. Smith” in some communiques, has demanded millions in ransom payments from HBO.

But how much has HBO really been harmed? Observers say that the Time Warner-owned network hasn’t sustained any serious blows to its finances or reputation, especially compared with the 2014 cyberattack on Sony Pictures Entertainment that nearly pulled the studio under.

“In the pantheon of hacks and corporate fallout from them, HBO is getting off light so far to date,” said Stephen Beck, managing partner of management consultancy cg42.

HBO has had a string of digital headaches: The hack has resulted in the release of a “Game of Thrones” script and episodes of HBO shows including “Ballers” and “Curb Your Enthusiasm.” Separately, two “Game of Thrones” episodes have been pirated before their premiere this season — episode 4, attributed to employees of a vendor working with HBO partner Sky India; and episode 6, which leaked online after it was inadvertently published by HBO’s European services. And on Wednesday night, a notorious hacking gang hijacked HBO’s Twitter and Facebook accounts.

Those may be an unfortunate confluence of events, or it could be that HBO has been singled out for attack. “Once you’ve been compromised, you’re seen as someone who’s been attacked and is vulnerable,” said Dimitri Sirota, co-founder and CEO of BigID, a security software vendor.

It’s impossible right now to determine the full cost of the hack, because even HBO might not know the full extent of what’s in the 1.5 terabytes of data the hackers claim they’ve stolen, said Tim Crosby, senior cybersecurity consultant for Spohn Security Solutions. A security contractor enlisted by HBO disclosed that the hackers obtained “thousands of internal documents.”

With any data breach, there are costs for legal reviews, security remediation, and forensics investigations. “It’s unfortunately become a cost of doing business today,” said Mark Lobel, principal in PwC’s U.S. advisory practice and leader of its cybersecurity team for the technology, media and telecom sector. “These types of attacks against media companies are happening a lot, and many are not reported publicly.”

Still, the damage from the hacks and the other leaks appears to be limited. In fact, “Game of Thrones” scored the series’ best-ever ratings for the Aug. 6 airing even with the leak three days beforehand. Season to date, “GOT” episodes are averaging nearly 30 million viewers across all platforms, 38% more than the same point in time versus last season. HBO half-hour comedies “Ballers” and “Insecure,” both of which had episodes leaked by the hacker, have each set record highs for viewing on Sunday nights this summer, according to the network.

Experts say it’s unlikely HBO has lost subscribers or that its brand has been tarnished. “They have some public sympathy – they didn’t do anything wrong,” said Carl Folta, a veteran entertainment PR exec. “They are the victims here.”

A big difference between the Sony and HBO hacks is that in HBO’s case, there hasn’t been much private email or employee personal information divulged. The hacker group did leak about a month’s worth of emails from one senior HBO executive. But the contents of those haven’t been published, as Sony’s emails were — which corroded the studio’s relations with talent, employees and partners. (HBO CEO Richard Plepler has told employees that the network doesn’t believe the email system “as a whole” has been compromised.)

In many ways, the HBO leaks arguably have been unpaid promotion for the network. The latest episode leak even spawned a trending hashtag on Twitter, , on Thursday.

“Obviously, no company wants their proprietary information stolen and posted online,” said Beck. “But this amounts to free marketing.” Recall the quip from Time Warner CEO Jeff Bewkes, who said on an earnings call in 2013 that “Game of Thrones” piracy was “better than an Emmy” in terms of driving buzz.

HBO, for its part, has said it is not in communication with the hacker and that its priorities are to maintain transparency with employees and partners about the incident. “We’re not going to comment every time a new piece of information is released,” the network said in a statement Sunday. “The hacker may continue to drop bits and pieces of stolen information in an attempt to generate media attention. That’s a game we’re not going to participate in.”

Industry analysts say HBO has done a good job in responding quickly with public and internal messaging. One of the mistakes companies that have been hit by a data-security breach often make is that they release partial or inaccurate information, said PwC’s Lobel. “They release a hypothesis and not facts,” he said. “That just extends the story. In many cases the hackers are trying to kill you by a death by a thousand cuts.”

As for HBO’s decision to offer a $250,000 payoff to the hacker, aiming to fend off the release of any purloined episodes or information, experts say there’s no right answer in what to do in this case. A source familiar with the matter said the offer of the “bug bounty” was a stall tactic by HBO as it assessed the situation.

Some experts say it’s never advisable to make payouts to cybercriminals, although they say that does sometimes happen quietly. “It’s the same reason the U.S. government doesn’t pay ransom for kidnapped Americans,” said Brian Pearce, COO of Beyond Security, which sells network-vulnerability testing tools. “It paints a giant target on not only on the back of the company, but the entire industry they’re in.”

Other say offering payments to hackers can be a reasonable step to negotiate a settlement to limit the fallout, or to figure out if the attackers really have anything of value. Additionally, the tactic of offering payment might be part of an effort to gather more info about the hackers so that law enforcement can track them down.

In any case, internet-borne threats will continue. Tools that cybercriminals have access to are very user friendly and easily available. With a monetary incentive, they will be relentless. “Your adversaries are getting smarter, so you have to get smarter,” said BigID’s Sirota.

The “Game of Thrones” script provides a lesson in architecting a data-security defense, according to Sirota. The Wall, the huge barrier of ice in the north of Westeros, doesn’t stop the White Walkers from breaking through. In the same way, in trying to protect their networks, “Companies try to build bigger walls and deeper moats, but there will always be ways to get around that.” Sirota recommends deploying a variety of more agile and intelligent defenses, such as “honeypots,” which are false targets designed to attract and trap an attacker.

The HBO hack and related events have once again spurred media and entertainment companies to consider how susceptible they are to similar attacks. The real danger is believing they are safe, said Spohn Security’s Crosby: “There are lots of people who will forget this. They’re more interested in focusing on something else.”

More Digital

  • BURBANK, CALIFORNIA - JANUARY 18: (EDITORIAL

    Dax Shepard, Bobby Bones, 'Breakfast Club' Among iHeartRadio Podcast Awards Winners

    iHeartRadio launched its first ever Podcast Awards on Friday (January 18) in Los Angeles. Among the winners in 22 categories were “Whine Down with Jana Kramer” (Best Entertainment TV Podcast); “Armchair Expert with Dax Shepard (Breakout Podcast); “Bobbycast” (Music Podcast); and “The Breakfast Club” (Best Multicultural Podcast). The winners were determined by iHeartRadio listeners. Taking the top prize of Podcast [...]

  • Velvet Buzzsaw trailer

    Netflix Original Movies: What to Look Forward To in 2019

    Following the biggest fourth-quarter worldwide subscriber gain ever and some controversy around increased prices in the U.S., Netflix looks to keep its momentum going into 2019. From Jan. 18 through March, the streaming site will release 10 original films, including action-packed thrillers, a post-apocalyptic sci-fi, quirky comedies, inspirational dramas, an artistic horror movie and a viral [...]

  • The Beatles Eight Days a Week

    Imagine's Documentary Arm Sets First-Look Pact With Apple (EXCLUSIVE)

    Brian Grazer and Ron Howard’s Imagine Documentaries has set a first-look pact with Apple to develop non-fiction features and series. The deal comes as Imagine is investing heavily in the premium non-fiction arena. The company in June recruited RadicalMedia veteran Justin Wilkes to head Imagine Documentaries as president. The deal suggests that Apple sees docu [...]

  • Walt Disney HQ LA

    Disney Unveils Financial Data for DTC Unit, Sets April 11 for Investor Presentation

    Disney has rejiggered its business segments for earnings reporting to make room for the new unit housing its global streaming operations. Disney on Friday released restated earnings for fiscal 2018, 2017 and 2016 to give investors and financial analysts better visibility into its spending on the launch of the Disney Plus, ESPN Plus and other [...]

  • Facebook Logo

    Release of Docs to Reveal How Facebook Made Money Off Children

    Documents related to a 2012 lawsuit against Facebook in which children, sometimes unwittingly, spent their parents’ money on games via the social site will be unsealed, according to a Monday ruling from the United States District Court. The court gave Facebook ten days to file unredacted documents in accordance with the ruling. The 2012 lawsuit [...]

  • Facebook Logo

    Facebook Sets Up New Product Group for AR Glasses (Report)

    Facebook has restructured its augmented and virtual reality research division and set up a new group tasked with building augmented reality (AR) glasses, according to a new Business Insider report. Facebook acknowledged the move in a statement given to the publication, saying that the move affected “a few hundred people.” The group has already built [...]

More From Our Brands

Access exclusive content