Esto también se puede leer en español.

Leer en español

Don't show this again

HBO offered hackers a $250,000 'bug bounty' to stall them

The hackers leaked a screenshot of a HBO email offering to pay a "bug bounty" rather than a ransom but also asking for a one-week extension to the deadline.

Security
Cash money and laptop computer

Did a HBO exec offer hackers a "bug bounty" instead of paying a ransom?

Getty Images

An HBO executive offered the hackers behind its recent breach a $250,000 payment as a "bug bounty," a leaked email showed.

In the latest development in HBO's battle against hackers who claim to have 1.5 terabytes of stolen data from the media giant, the cybercriminals leaked an email showing a discussion between an HBO executive and the hackers from July 27, about five days before the breach became public. 

The hackers first contacted HBO with a ransom note on July 23, the email indicated.

HBO's email carefully is worded to avoid the appearance that the payment is anything other than a reward for discovering vulnerabilities in HBO's system. The hackers, who posted several of HBO's new episodes and a "Game of Thrones" script online in late July, demanded $6 million, a person close to the investigation said.

"You have the advantage of having surprised us. In the spirit of professional cooperation, we are asking you to extend your deadline for one week," HBO's email read. "As a show of good faith our our side, we are willing to commit to making a bug bounty payment of $250,000 to you as soon as we can establish the necessary account and acquire Bitcoin."

CNET obtained the email, which a person close to the investigation confirmed was legitimate.

HBO's hackers leaked an email interaction with one of the company's executives.

Little Finger

A person close to the investigation said that the email was a delay tactic and that HBO never intended on cooperating with the hackers. According to the leaked email, the hacker is going by the nickname "Little Finger," a reference to a "Game of Thrones" character known for being devious and cunning. The hacker has also used the name "Mr. Smith" in the past.

The cybercriminal is using an email address hosted in China.

Hackers claim to have stolen 1.5TB of data from the company, including forthcoming episodes of "Ballers" and "Room 104," which they have reportedly leaked online. Hackers warned last month that more material would come.

First published, Aug. 10 at 7:38 p.m. PT.
Update, Aug. 11 at 6:00 a.m. PT: To include details from leaked email and sources close to the investigation.

Tech Culture: From film and television to social media and games, here's your place for the lighter side of tech.

Batteries Not Included: The CNET team shares experiences that remind us why tech stuff is cool.

Close
Drag
Autoplay: ON Autoplay: OFF