The Dark Overlord has once again struck from the darkest corners of the dark web, this time to reveal intentions to leak the contents of a stolen Hollywood database taken from a top studio.
In previous campaigns, the legion of super villains has threatened violence against school districts, leaked popular Netflix shows, and released intimate images of royalty stolen from London-based plastic surgeon's office.
Hollywood production studio Line 204 was the group's latest victim with hackers claiming to have obtained the addresses and phone numbers of celebrities. The hackers sent an encrypted file named “CustomerCard,” transaction records, bank deposit information, hundreds of contracts, files and client invoices, and vendor lists to IBTimes UK
"As with all of our friends who don't accept one of our handsome business proposals, we'll handle them appropriately by publicly releasing all their client data, documents, intellectual property, and other sensitive documentation," the group told the publication.
Alton Butler, CEO of Line 204, confirmed the attack and said the Dark Overlord managed to break into its database on Oct. 26 and that they are working with the FBI to block further attacks and to protect company and client information.
"We understand the magnitude of concerns and apologise for the inconvenience,” Butler said in the statement. “We want to ensure you we are working around the clock to try and rectify the situation."
Celebrities and unreleased secrets will always make good targets for criminals, Mark James, Security Specialist at ESET told SC Media. And even celebrities are discouraged from paying ransoms to cybercriminals as it only encourages bad behavior and there is no guarantee the bad guys will hold up their end of the deal.
“Celebrities are always a winner because often their lives are managed by other companies; once said company attains a certain level, they often attract more high profile clients that rely on them to keep their data, and indeed secrets, safe- but of course as their client list grows, then so in theory does their target size,” James said. “When these companies are the subject of a breach or compromise, the hacker would hope that containing the breach and paying the ransom seems the most “likely” outcome, but sadly in this day and age, data has an uncanny way of making its way public.”
The Line 204 breach is the latest in a long line of attacks targeting organizations being blackmailed under the threat of leaking sensitive data. Researchers should be asking whether the amount invested into protecting such information is comparable to its value in the open market, Lee Munson, Security Researcher at Comparitech.com told SC Media.
“Given how money talks, large organisations and rich and famous people are especially keen to maintain their privacy, often quite fiercely, meaning a film studio breach could be an extremely lucrative cash cow,” Munson said.
“While payment card data appears to be safe, names, contact details, salaries and contracts have such value that these attacks will continue for some time to come.”