Hackers are refusing to give HBO a break as the cable TV network's social media channels have been breached in yet another incident.
The gray-hat hacker group known as OurMine found a way into the Twitter and Facebook accounts of HBO as well as the accounts of several of their shows including Game of Thrones, Veep, Last Week Tonight with John Oliver, Silicon Valley, Ballers, and more.
The group left posts on the network's pages calling for followers to make “#HBOHacked” trend, along with messages claiming the group was only looking to point out vulnerabilities in HBO's security.
“Hi, OurMine are here, we are just testing your security, HBO team please contact us to upgrade the security,” the group said in the post, followed by another that read, “let's make #HBOHacked trending!”
OurMine has also breached other high-profile accounts for similar reasons including those of BuzzFeed, YouTube, and Wikipedia, as well as the personal accounts of tech CEOs including Facebook's Mark Zuckerberg, Twittter's Jack Dorsey, and Google's Sundar Pichai. The group usually also suggests that its victims subscribe to its services.
The latest incident only adds to the host of security problems HBO has had this month, including a breach which compromised 1.5 terabytes of data, including unaired episodes Game of Thrones, Insecure, Ballers and more, which are being held for a $7.5 million ransom. HBO executives unsuccessfully tried to talk the perpetrator down to a $250,000 bug bounty. Earlier this week, four people were arrested in India for leaking an episode of Game of Thrones in an unrelated incident and HBO itself accidentally leaked an episode of Game of Thrones.
"In today's Social, Mobile, Cloud, Always-Connected world there are numerous attack vectors, and with this latest HBO incident, hackers were able to gain access to some of their social accounts,” CYBRIC Chieft Technology Officer Mike Kail, told SC Media. “The potential ramifications of that include that often times passwords are re-used and the individual who is responsible for the social account used the same password for other company accounts and assets.”
“Kail said this can result in the hacker establishing a foothold that is also then hard to detect and is the reason why organizations need to take a comprehensive, continuous approach to increasing security resiliency, and that comes via visibility
“You can keep secure what you don't know about, and that's where the collaborative culture of 'DevSecOps' is helpful," he added.