Hacker Leaks Episodes From Netflix Show and Threatens Other Networks
A hacker who claims to have stolen unreleased television shows from several major networks shared the coming season of the Netflix series “Orange Is the New Black” on Saturday after the person said the streaming service failed to meet its ransom requests.
The breach appears to have occurred at the postproduction company Larson Studios, a popular digital-mixing service in Los Angeles for television networks and movie studios. The hacker or hackers, who go by the name “thedarkoverlord,” also claim to have stolen unreleased content from ABC, Fox, National Geographic and IFC. The Federal Bureau of Investigation learned of the episode at Larson Studios in January but did not start notifying the content companies until a month ago.
A message to Larson Studios was not immediately returned.
On Twitter, thedarkoverlord suggested that other networks would have their shows released next. “Oh, what fun we’re all going to have,” the hacker said. “We’re not playing any games anymore.”
Netflix had announced this year that Season 5 of “Orange Is the New Black” would be released June 9, and it was not immediately clear whether it planned to move up the release date.
In a statement, Netflix said: “We are aware of the situation. A production vendor used by several major TV studios had its security compromised and the appropriate law enforcement authorities are involved.”
The thefts are the latest in a long line of ransom and extortion attacks perpetuated by cybercriminals over the past year. Security experts have been responding, with greater frequency, to breaches in which these criminals threaten to expose or delete proprietary information unless companies pay a ransom.
Those threats have increased with the advent of ransomware, malicious software that encrypts victims’ data and prevents them from accessing it until they pay a ransom, often hundreds or thousands of dollars’ worth of Bitcoin, a cryptocurrency. Ransomware attacks have increased in the past five years and were up 50 percent in 2016 compared with 2015, according to a data breach investigations report published last week by Verizon.
This specific breach highlights a risk posed by the weak security practices in the postproduction studios that manage the release of proprietary entertainment content. While companies like Netflix and Fox might invest in state-of-the-art cybersecurity defense technology, they must also rely on an ecosystem of postproduction vendors, ranging from mom-and-pop shops to more sophisticated outfits like Dolby and Technicolor, which may not deploy the same level of cybersecurity and threat intelligence.
The stolen content appears to be dated. In an online post, thedarkoverlord said it had obtained the first 10 episodes of Season 5 of “Orange Is the New Black”; the breach occurred before the final three episodes were released to postproduction studios. The first episode was made public on a file-sharing site on Friday, which the hacker linked to via Twitter with a threat: “Let’s try to be a bit more direct, Netflix.” The nine other episodes were released on Saturday.
In a message posted Saturday, thedarkoverlord criticized Netflix for not meeting its blackmail requests. “It didn’t have to be this way, Netflix,” the message said. “You’re going to lose a lot more money in all of this than what our modest offer was.”
The statement continued: “We’re quite ashamed to breathe the same air as you. We figured a pragmatic business such as yourselves would see and understand the benefits of cooperating with a reasonable and merciful entity like ourselves.”
The hacker threatened to release content from other studios on Saturday if its demands were not met. ABC, Fox and IFC declined to comment, and a message to National Geographic was not immediately returned.
The alias thedarkoverlord has popped up in other recent attacks, including one last January on a small charity in Muncie, Ind., the Little Red Door Cancer Services of East Central Indiana. In that case, the hackers wiped the organization’s servers and backup servers, and demanded 50 bitcoins — valued at $43,000 — to restore the data. The organization did not pay.
Last summer, the same hacker claimed to have breached at least three health care companies in the United States and a health insurer, and attempted to sell their stolen data on the dark web, on a website called TheRealDeal, for $96,000 to $490,000.