‘Orange Is the New Black’ Leak Shows: Hollywood Cybersecurity Lives and Dies With Third-Party Vendors

This weekend’s leak of the upcoming fifth season of Netflix’s “Orange Is the New Black” may turn out to be Hollywood’s biggest breach since the Sony hack in 2014. But security experts aren’t surprised by the incident, even as details about it still emerge. That’s because many have been warning of weak security at third-party vendors for years.

“Third-party vendors have been a problem for a long time and will continue to be in the future,” said PwC principal Mark Lobel during an interview with Variety Saturday. Lobel declined to specifically comment on this weekend’s Netflix leak, which appears to be based on a security breach at Larson Studios, an audio post-production company that has also been working on shows like “Fargo,” “Designated Survivor” and “NCIS Los Angeles.” But he argued that security for third-party vendors continues to be a weak link for Hollywood.

The big Hollywood studios in particular have put a lot of effort into improving their security after the Sony hack, which saw hackers likely associated with North Korea breach the company’s networks and release over 170,000 emails as well as 30,000 internal documents — many of which later were published on Wikileaks.

“The studios have raised the bar significantly in the last two, three years,” agreed Lobel. But those same multi-billion-dollar media companies continue to work with a huge network of third-party vendors, which are increasingly spread all across the globe.

Visual effects, subtitles, color grading, audio post-production and many other specialized tasks are routinely outsourced to other companies. Some of them are sizable players of their own, but others just have a dozen or fewer employees. Studios may audit the security of these vendors, but even the best audit only provides a snapshot of a single point in time, and doesn’t guarantee that an employee at one of those vendors won’t fall for a phishing scam the following week.

What’s more, security threats continuously evolve, forcing Hollywood to catch up. “This is a game of chess with no kings,” said Lobel. Studios and their security teams can try to adapt to new threats, but small shops with a handful of employees may eventually slip up. “The third-party vendor has to be good all the time, the hacker only needs to be lucky once,” said Lobel. “It does not surprise me to see someone target a third-party vendor.”

In many ways, breaches like the one that now targeted Netflix and Larson Studios almost seem inevitable. Which begs the question: What should a company do when the worst has happened? The hackers who released “Orange Is the New Black” claimed they did so only after Netflix didn’t pay their ransom demands, and may be threatening ABC, Fox, IFC and NatGeo with similar demands.

“There is no right answer to the question whether it’s right for the companies to pay ransom,” said Lobel. On the one hand, giving in to such demands could obviously encourage further threats and finance criminals. But Lobel also acknowledged that companies targeted by ransom demands often do pay because they decide that not paying may be catastrophic to their bottom line.

In the end, Hollywood may be best advised to take this latest scare as a warning to not only improve security in-house, but also at third-party vendors — even if that means paying a bit more. Said Lobel: “Security controls are necessary overhead, but still overhead.”
