It has been reported that Hacking group The Dark Overlord is threatening to leak the internal client data of top Hollywood production studio Line 204. The seemingly international group of hackers, which recently targeted streaming giant Netflix and a London-based plastic surgeon’s office, provided evidence that it had accessed the firm’s customer database.
“As with all of our friends who don’t accept one of our handsome business proposals, we’ll handle them appropriately by publicly releasing all their client data, documents, intellectual property, and other sensitive documentation,” the group said via encrypted chat.
When you visit Line 204’s website, you are greeted with a slew of famous faces – from Quentin Tarantino to Reese Witherspoon to the Kardashian family. It boasts “genuine Hollywood soundstages” and has been used to film TV spots and shoot high-profile magazine covers. Based on one section of the database labelled ‘CustomerFile’, Line 204 clients have in the past included Apple, Netflix, Funny or Die, ABC, HBO, Hulu and many more. Another file – named “CustomerCard” – contained financial information, but it was firmly encrypted. IT security experts commented below.
Mark James, Security Specialist at ESET:
“When it comes to choosing your targets with data that’s going to reap the biggest rewards, it usually involves either celebrities or unreleased secrets. Celebrities are always a winner because often their lives are managed by other companies; once said company attains a certain level, they often attract more high profile clients that rely on them to keep their data, and indeed secrets, safe- but of course as their client list grows, then so in theory does their target size. When these companies are the subject of a breach or compromise, the hacker would hope that containing the breach and paying the ransom seems the most “likely” outcome, but sadly in this day and age, data has an uncanny way of making its way public. Sooner or later it will undoubtedly make itself known; paying any ransom is never recommended, after all you are just rewarding bad behaviour or funding further criminal activity. Data breaches are going to happen- it would be nice to think you are 100% safe, but all software has bugs, all systems have a potential failure point and, sadly, you cannot guarantee every member of staff will be 100% efficient at stopping any and all attacks.
If a breach happens, inform the authorities, inform the people in your organisation that need to know, and check and ensure you’re free from any current threats. Prepare your statements for the media and affected users -if any. Information is king here- yes it’s disappointing that data has gone missing, but it’s even worse finding out about it months after you know, when early information could have helped the affected parties”.
Lee Munson, Security Researcher at Comparitech.com:
“The alleged breach of Line 204 by The Dark Overlord is just the latest in a long line of attacks that have seen organisations basically blackmailed into coughing up large amounts of cash to protect extremely sensitive information.
Given how money talks, large organisations and rich and famous people are especially keen to maintain their privacy, often quite fiercely, meaning a film studio breach could be an extremely lucrative cash cow.
While payment card data appears to be safe, names, contact details, salaries and contracts have such value that these attacks will continue for some time to come.
The main question to answer, therefore, is whether the amount invested into protecting such information is comparable to its value in the open market.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.