Winterleaks | HBO Hackers leak Game of Thrones season finale script

On July 31, news broke of a cyber incident affecting HBO. Various media outlets reported that hackers claimed to have acquired 1.5 terabytes of data from the network, and threatened to release it all if they didn’t get paid their “6 months salary”, equivalent to about $6.5 million, as the hackers claimed to make between $12 to $15 million per year hacking and then blackmailing organizations.

To prove they hacked HBO, the hackers, dubbed “Mr. Smith”, released about 3-4 gigabytes of data while making their demands, including a month’s worth of emails taken from the network’s vice president for film programming, as well as administrator passwords.

After knowing the “Mr. Smith” hacking group meant business, HBO offered them a $250,000 payment in bitcoin, in exchange for a one-week deadline extension. The network offered the money as a “bug bounty” payment, presumably to show good faith, although some stated the offer was a stall tactic. It added that the network needed the time to establish an account and acquire Bitcoin.

In response to the network’s tactics, the hackers claimed that HBO was acting in expected patterns, and even stated they were “eagerly waiting for ForEye’s report… tell them to hurry up.” It’s believed the hackers were talking about cyber security company FireEye Inc.

Now, according to reports, the hackers sent HBO’s hit series Game of Thrones’ (GoT) season finale script to mainstream media outlets, including Mashable and The Independent. The 20-page-long script wasn’t leaked to the public but is reportedly for sale on the deep web.

The hackers claim to have sold everything they have – about 5 TB of data, according to them – to three separate clients on the deep web. The group claims to have netted half the requested ransom from these sales. They added:

“By the way, we officially inform you and another hundred of reporters who emailed us that we sold ‘HBO IS FALLING’s entire collection (5 TB!!!) to 3 customers in deep web and we earned half of requested ransom. (…) “We put a condition for our respected customers and they approved. We will leak many many waves of HBO’s internal stuff to punish them for playing us and set an example of the greedy corporation.”

A detailed Reddit post added information about the website that hackers were reportedly using to post stolen data. The website,, is inaccessible at press time, presumably due to network overload or being taken down. Hack Read shared a video on what it looked like:


Hackers claim to have hacked 17 different organizations

The hackers claimed that, so far, they’ve managed to breach 17 different organizations using zero-day exploits, and that only three dared not to pay them. They added that if HBO refused to pay, they would superimpose “HBO is Failing” on top of stolen shows, and then dump them online to disrupt the network’s business.

HBO recognized “proprietary information” had been stolen, and added that it was investigating the attack with cyber security experts and police. The network even hired internet security company IP Echelon to hide leaked files from search results by sending a Digital Millenium Copyright Act (DMCA) takedown notice to Google, according to Variety.