HBO in leaked e-mail offered hackers $250K bug bounty as "a show of good faith"

Shawn Knight

Posts: 14,321   +162
Staff member

Large companies at the mercy of hackers typically refuse to negotiate with their attackers, but HBO apparently made an exception to the rule.

In a leaked e-mail from HBO to the hackers, dated July 27 and obtained by Variety, the network offered to make a bug bounty payment of $250,000 via Bitcoin “as a show of good faith.”

Bug bounties, as you likely know, are often awarded to “white hat” security researchers as a reward for identifying vulnerabilities and bringing them to the affected company's attention rather than exploiting them for personal gain or selling the information on the black market.

The message also asks the hackers to extend their ransom-payment deadline by one week. “You have the advantage of having surprised us,” HBO said in its e-mail.

Variety said that although the authenticity of the e-mail was confirmed to them by a source close to the investigation, they opted not to publish the name or e-mail address of the HBO executive who sent the message.

A few things stand out as odd in HBO’s response, including both the non-confrontational tone and the small amount of money offered (the hackers originally demanded a “six-month salary” and claimed to generate as much as $15 million a year).

Sources tell the publication that the document was more or less designed as a stall tactic to buy time to further investigate the breach.

Image courtesy THR


 

cliffordcooley

Posts: 13,141   +6,438
As long as they choose to remain anonymous, I wouldn't offer them anything. I would only offer the bug bounty and a way out if they came forward and announced who they are. The bounty should remain for people who choose to help.
 

Carmaine

Posts: 82   +100
As long as they choose to remain anonymous, I wouldn't offer them anything. I would only offer the bug bounty and a way out if they came forward and announced who they are. The bounty should remain for people who choose to help.

Let's say hypothetically, this never happened and someone just happened to find this "bug" and came forward and brought it to their attention.

Do you believe HBO would reward this person $250K?