author photo
By SecureWorld News Team
Tue | Aug 15, 2017 | 2:39 AM PDT

If you've been following the HBO hack that occured a couple weeks ago, you know that 1.5 terabtyes of data was allegedly stolen. So far, a few episodes, scripts, and actors' personal phone numbers and addresses have been posted online. 

Now it's been revealed that an HBO employee is supposedly offering the hackers a bug bounty payment for 'disclosing the vulnerability' in their system.

The email, which references HBO's program to reward white hat hackers, says the company is willing to pay a 'bug bounty' in the spirit of 'professional cooperation'.

A portion of the email reads as below:

“As you may know, we have a bug bounty program to reward “white hat” IT professionals who bring these types of things to our attention. We also have been working very hard since Sunday evening to review all of the material that you have made available to us. We simply have not been able to do so. We also have not been able to put into place the necessary infrastructure to be able to make a large payment in bitcoin, although we are taking steps to do so as you suggested.

“You have the advantage of having surprised us. In the spirit of professional cooperation, we are asking you to extend your deadline for one week. As a show of good faith on our side, we are willing to commit to making a bug bounty payment of $250,000 to you as soon as we can establish the necessary account and acquire Bitcoin, or we can wire the funds as soon as you give us the account information.”

While $250,000 is a far cry from the multi-million dollar ransom payment the hackers are demanding, it still begs the question of, Why is HBO paying them at all? And calling it a bug bounty at that?

However, an HBO spokesperson has said that the company was "not in communication with the hacker, and we're not going to comment every time a new piece of information is released," according to The Inquirer.

Do you think the email is legitimate? If so, do you think the payment blurs the lines between a bug bounty and a ransom payment?

Comments