×
You will be redirected back to your article in seconds

‘Orange Is the New Black’ Leak Shows: Hollywood Cybersecurity Lives and Dies With Third-Party Vendors

This weekend’s leak of the upcoming fifth season of Netflix’s “Orange Is the New Black” may turn out to be Hollywood’s biggest breach since the Sony hack in 2014. But security experts aren’t surprised by the incident, even as details about it still emerge. That’s because many have been warning of weak security at third-party vendors for years.

“Third-party vendors have been a problem for a long time and will continue to be in the future,” said PwC principal Mark Lobel during an interview with Variety Saturday. Lobel declined to specifically comment on this weekend’s Netflix leak, which appears to be based on a security breach at Larson Studios, an audio post-production company that has also been working on shows like “Fargo,” “Designated Survivor” and “NCIS Los Angeles.” But he argued that security for third-party vendors continues to be a weak link for Hollywood.

The big Hollywood studios in particular have put a lot of efforts into improving their security after the Sony hack, which saw hackers likely associated with North Korea breach the company’s networks and release over 170,000 emails as well as 30,000 internal documents — many of which later were published on Wikileaks.

“The studios have raised the bar significantly in the last two, three years,” agreed Lobel. But those same multi-billion-dollar media companies continue to work with a huge network of third-party vendors, which are increasingly spread all across the globe.

Visual effects, subtitles, color grading, audio post-production and many other specialized tasks are routinely outsourced to other companies. Some of them are sizable players of their own, but others just have a dozen or fewer employees. Studios may audit the security of these vendors, but even the best audit only provides a snapshot of a single point in time, and doesn’t guarantee that an employee at one of those vendors won’t fall for a phishing scam the following week.

What’s more, security threats continuously evolve, forcing the Hollywood to catch up. “This is a game of chess with no kings,” said Lobel. Studios and their security teams can try to adapt to new threats, but small shops with a handful of employees may eventually slip up. “The third-party vendor has to be good all the time, the hacker only needs to be lucky once,” said Lobel. “It does not surprise me to see someone target a third-party vendor.”

In many ways, breaches like the one that now targeted Netflix and Larson Studios almost seem inevitable. Which begs the question: What should a company do when the worst has happened? The hackers who released “Orange Is the New Black” claimed they did so only after Netflix didn’t pay their ransom demands, and may be threatening ABC, Fox, IFC and NatGeo with similar demands.

“There is no right answer to the question whether it’s right for the companies to pay ransom,” said Lobel. On the one hand, giving in to such demands could obviously encourage further threats and finance criminals. But Lobel also acknowledged that companies targeted by ransom demands often do pay because they decide that not paying may be catastrophic to their bottom line.

In the end, Hollywood may be best advised to take this latest scare as a warning to not only improve security in-house, but also at third-party vendors — even if that means paying a bit more. Said Lobel: “Security controls are necessary overhead, but still overhead.”

More Digital

  • Nancy Pelosi

    Facebook on Defensive Over Fake Pelosi Video

    Facebook faced growing criticism this week over its decision not to remove a video that was doctored to suggest that House Speaker Nancy Pelosi was intoxicated during a recent public event. The video, which has been viewed more than 2.5 million times, had been slowed down notably, giving the impression that Pelosi was slurring her [...]

  • Little-Black-Mirror-Maia-Mitchell

    Netflix Launching 'Little Black Mirror' Video Series Starring Maia Mitchell, Lele Pons, Rudy Mancuso, Juanpa Zurita and More

    To promote next month’s premiere of “Black Mirror” season 5, Netflix is launching a short video series — “Little Black Mirror,” with a cast that includes an ensemble of Latinx social-media stars. The three “mini-stories,” aimed at Spanish-speaking audiences, are inspired by the tech-dystopian universe of Charlie Brooker and Annabel Jones’ anthology series. “Little Black [...]

  • Twitter

    Twitter Permanently Bans Anti-Trump Krassenstein Brothers, Who Deny They Broke Platform's Rules

    Twitter permanently suspended the accounts of Ed and Brian Krassenstein — progressive political activists famous for trolling Donald Trump and his supporters — with the company alleging the brothers used bogus accounts to amplify their reach on the platform. “The Twitter Rules apply to everyone,” a Twitter rep said in a statement. “Operating multiple fake [...]

  • Snapchat

    Snap in Talks to License Music to Let Snapchat Users Embed Songs in Posts

    Snap wants to up Snapchat’s music game. The company has been in negotiations with music companies including the big three — Sony Music Entertainment, Universal Music Group and Warner Music Group — to license song catalogs for the Snapchat app, according to two industry sources familiar with the talks, confirming a Wall Street Journal report. [...]

  • T-mobile - Netflix - John Legere

    T-Mobile Passes Netflix Price Hike Through to Subscribers

    T-Mobile is getting ready to raise prices for subscribers who have taken advantage of its “Netflix On Us” promotion: The mobile carrier will begin charging existing customers who have participated in the promotion an additional $2 per month to account for Netflix’s recent price increase. Consumers will see their bill go up starting on 6/2. [...]

  • Oona King

    Snap Hires Google Exec Oona King as First VP of Diversity and Inclusion

    Snap continues to fill out the ranks of its revamped leadership team: The Snapchat parent tapped Oona King, most recently Google’s director of diversity strategy and a former member of British Parliament with the Labour Party, as its first VP of diversity and inclusion. King, who starts at Snap on June 11, is also the [...]

More From Our Brands

Access exclusive content