The HBO Hack: A Comprehensive Timeline

If you've been reading the news lately, you've likely noticed the ongoing stream of reports about the various HBO cyber-breaches. And, if you're anything like us, it's starting to get a little confusing. We set our analysts out to find out what's actually going on. 

The timeline below is a summary of everything leading up to (and currently happening) with HBO's hacker woes.

Read more: Here's a full, in-depth explanation of the HBO hacks


22 May 2016
The source of the leak appears to be HBO itself. As TorrentFreak points out, the episode was available to view a day early on HBO Nordic, available in Sweden, Denmark, Norway, and Finland. (Source)
30 November 2016
Ourmine hacks Facebook CEO Mark Zuckerberg's social media accounts
2 February 2017
Ourmine.org hacks YouTube affecting over 300 of the biggest channels partnered with YouTube network “Omnia Media”
1 April 2017
Ourmine Hacking Group targets Studio71 CEO & gains access to hundreds of Youtube accounts. (Source)
23 July 2017
winter-leak.com domain established, established at 104.28.9.135 (San Francisco, CA). Since changed to 89.38.97.131 (Dublin, Ireland) which is not accepting ping or http requests.
25 July 2017
Hackers breech HBO collecting a reportedly 1.5TB of data (GoT scripts, full episodes of Ballers, Barry, Room 104 , and Insecure, in addition to company webmails and financial records)
27 July 2017
HBO apparently responds to the initial video letter that was sent informing the Time Warner-owned company of the massive data breach. Message features the network’s offer to make a “bounty payment” of $250,000 as part of a program in which “white hat IT professionals” are rewarded for “bringing these types of things to our attention.” - HBO requests one week to get BTC account together and transfer payment. (Source)
31 July 2017
Mandiant Cybersecurity, investigating the network breach with FBI on behalf of HBO reports that one of their analyst's social media accounts (Adi Peretz) was attacked. An anonymous message posted online claimed that the analyst's passwords, billing address, Amazon account and LinkedIn profile had been compromised (#LeakTheAnalyst). Hackers also claimed to have accessed Mandiant's internal systems, but provided no evidence. A group calling itself "31337" dumped Mandiant’s company information including details on Mandiant's network topology, licenses, and business contracts, as well as the victimized researcher's emails and account credentials. (Source)
2 August 2017
Game of Thrones script for “Spoils of War” leaks after HBO hack - dubbed WinterLeak (winter-leak.com) Reference to little.finger66@qq.com
4 August 2017
Reddit user going by the handle of zmax87 has leaked Episode number 4 from Game of Thrones’s season 7 on Google Drive and vid.me, a video streaming website. (StarIndia leak related)

An unreleased episode of Game of Thrones has been published online ahead of its TV debut on Sunday by distribution partner, Star India. Leaked online in a low-quality format — thanks to Google Drive postings in a Reddit thread, included “for internal viewing only” watermark attached.
7 August 2017
Second Wave of Leaks from HBO breech released including more scripts of GoT and legal documents, budgets and phone numbers and email addresses of top HBO executives and actors. (Source)
11 August 2017
HBO suggests hack is not as extensive - and that hackers manipulated the data file “Richard Contact list.txt” is just internal email addresses and not representative of his actual email address book. (Source)
13 August 2017
Episodes of HBO's Curb Your Ethusiasm fall season 9 appears online
14 August 2017
Email from Hackers suggest 3rd wave of HBO releases are coming with links to episodes of "Arliss," "Ballers," "Barry," "Curb Your Enthusiasm," "Felipe," "Insecure," "Latino," "Room 104" and "The Deuce."
15 August 2017
HBO Spain accidentally airs GoT S7, E6 five days prior to its official premiere.

Indian police arrest four in conjunction with Star India release of S7,E4. According to police, three of the accused work for Prime Focus Technologies, a Mumbai-based company that processes the series for Indian streaming website Hotstar. The fourth is a former employee. (Source)
16 August 2017
Ourmine Hacking Group breeches HBO's social media accounts, offering assistance with their data & network security
16 August 2017
Mr. Smith related hackers release 4th Wave of HBO data including Westworld shooting schedules and GoT S7 shooting diaries.

Curious about something you've read on our blog? Want to learn more? Please reach out. We're more than happy to have a conversation.