Email leak reveals HBO negotiated with hackers after data theft and US$250,000 ransom demand
A person close to the investigation said it was an attempt to buy time and assess the situation and contact authorities
Hackers this week released an email from HBO in which the company expressed willingness to pay them US$250,000 as part of a negotiation over data swiped from HBO’s servers.
The July 27 email was sent by John Beyler, an executive with the firm who thanked the hackers for “making us aware” of previously unknown security vulnerabilities. The executive asked for a one-week delay and said HBO was willing to make a “good faith” payment of US$250,000, calling it a “bug bounty” reward for IT professionals rather than a ransom.
HBO declined to comment. A person close to the investigation confirmed the authenticity of the email, but said it was an attempt to buy time and assess the situation. The same hackers have subsequently released two dumps of HBO material and demanded a multimillion dollar ransom.
Whether or not HBO ever intended to follow through with its US$250,000 offer, the email raised questions on Friday among security professionals about the importance of the data and whether HBO’s reaction might encourage future attacks.
“It’s interesting that they’re spinning it as a bug bounty programme,” said Pablo Garcia, chief executive of FFRI North America. “They’re being extorted. If it was a bug bounty, it’d be on the up and up.”
Beyler’s email to the hackers said the company was working “very hard” to review all the material they provided, and also trying to figure out a way to make a large transaction in bitcoin, the hackers’ preferred payment method.