HBO in leaked e-mail offered hackers $250K bug bounty as "a show of good faith"

By Shawn Knight · 5 replies
Aug 11, 2017
  1. Large companies at the mercy of hackers typically refuse to negotiate with their attackers but HBO apparently made an exception to the rule.

    In a leaked e-mail obtained by Variety from HBO to the hackers dated July 27, the network offered to make a bug bounty payment of $250,000 via Bitcoin “as a show of good faith.”

    Bug bounties, as you likely know, are often awarded to “white hat” security researchers as a reward for identifying vulnerabilities and reporting them to the affected company rather than exploiting them for personal gain or selling the information on the black market.

    The message also asks the hackers to extend their ransom-payment deadline by one week. “You have the advantage of having surprised us,” HBO said in its e-mail.

    Variety said that although the authenticity of the e-mail was confirmed to them by a source close to the investigation, they opted not to publish the name or e-mail address of the HBO executive who sent the message.

    A few things stand out as odd in HBO’s response, including both the non-confrontational tone and the small amount of money offered (the hackers originally demanded a “six-month salary” and claimed to generate as much as $15 million a year).

    Sources tell the publication that the document was more or less designed as a stall tactic to buy time to further investigate the breach.

  2. Skidmarksdeluxe

    Skidmarksdeluxe TS Evangelist Posts: 8,647   +3,279

    I say take the money and run. Holding out for more just increases their chances of getting nabbed. It never pays to be too greedy.
  3. cliffordcooley

    cliffordcooley TS Guardian Fighter Posts: 10,220   +4,140

    As long as they choose to remain anonymous, I wouldn't offer them anything. I would only offer the bug bounty and a way out if they came forward and announced who they are. The bounty should remain for people who choose to help.
  4. Carmaine

    Carmaine TS Enthusiast Posts: 46   +14

    Let's say hypothetically, this never happened and someone just happened to find this "bug" and came forward and brought it to their attention.

    Do you believe HBO would reward this person $250K?
  5. cliffordcooley

    cliffordcooley TS Guardian Fighter Posts: 10,220   +4,140

    Judging the merits of the bug bounty is not relevant to the topic or what I said.
  6. Carmaine

    Carmaine TS Enthusiast Posts: 46   +14

