Game of Thrones Hack: Winter Has Come for Passwords

August 10, 2017

The recent security breach at HBO of confidential data including Game of Thrones scripts, cast personal details and administrator passwords highlights the vulnerability of password-only protection. The breach involved hackers stealing about 1.5 terabytes of data from HBO systems -- more than seven times as much as the 200 gigabytes taken in the 2014 Sony hack -- including scripts for five Game of Thrones episodes and two unreleased episodes of Ballers and Room 104.


Passwords Alone Are Not Enough to Stop the Breach

The hackers have reportedly released numerous confidential documents, including one with a list of personal phone numbers, home addresses and email addresses for Game of Thrones actors such as Peter Dinklage (Tyrion Lannister), Lena Headey (Cersei Lannister) and Emilia Clarke (Daenerys Targaryen). The data dump also includes a month’s worth of emails from HBO vice president for film programming, Leslie Cohen, and technical documents detailing HBO’s internal network and administrator passwords.

This incident clearly demonstrates the futility of relying on passwords for network protection as, in just one incident, all those privileged account details became public. Relying on passwords for the last line of defence is like using toothpicks to defend Winterfell. This data breach is the latest incident to highlight the need for large organisations to rethink security.

Like the Dothraki horde descending on King’s Landing, hackers represent an unprecedented threat to corporate defences.

Secure Access for All Enterprise Identities

We strongly advocate for an identity-based security strategy that mandates multi-factor authentication (MFA) along with least access privilege and machine learning in a complete platform to stop breaches and to minimise the impact of any illicit access. With data breaches occurring at an alarming rate, today’s security is not enough. To address this, companies need to rethink security by using a complete platform to stop breaches through the trifecta of Identity Services for applications, endpoints and infrastructure — both on-premises and in the cloud. Moreover, enterprises need a platform solution that simplifies implementation of identity best practices and strengthens an organisation’s risk posture by taking a unique approach to controlling both end user and privileged access in the hybrid enterprise. Protecting corporate data is essential for enterprises that want to preserve their value.

The significance of the HBO data breach is less about the stolen Game of Thrones documents than how data breaches can impact a company’s bottom line. The stakes for properly securing access to corporate resources and handling security incidents have never been higher -- a fact demonstrated in, which found stock prices fell by an average of five percent and customer churn increased by as much as five percent after disclosure of a data breach.

In the past three months, HBO revenues grew one per cent to US$1.5 billion. AT&T also recently agreed to buy HBO’s parent company Time Warner. There’s a clear possibility that this hack could impact both HBO revenues and the acquisition. The reality is a breach can destroy company value. Hollywood needs to proactively tackle cyber security challenges by protecting employees, customers and partners against cyberattacks. This is critical as cyberattacks become more sophisticated.

The next dimension in security is about protecting the user, mandating multi-factor authentication, implementing least privilege access and leveraging machine learning to stop threats in real-time.

Winter has come for the password.

Learn how to rethink security and protect your enterprise here

This is written by the individual author in his/her personal capacity, and the opinions, views and/or thoughts expressed herein are solely the author’s own. They are not intended to and may not necessarily reflect the official policy or position, or the opinions or views of ThycoticCentrify or its affiliates, employees, or any other group or individual.