A full version of the $80 million animated Paramount+ film "Legend of Aang: The Last Airbender" leaked online last week. It’s been a little more than a decade since the Sony hack unleashed the email inboxes of top executives and saw multiple finished movies dropped into the public domain, exposing cybersecurity as one of Hollywood’s Achilles’ heels. And according to a new report, not much has changed.
Page Six Hollywood got an exclusive look at a new report by U.K. cybersecurity firm Red Sift which found that the U.S. entertainment industry, particularly TV and movie studios, remains as vulnerable as ever to a state-sponsored cyber breach.
The cybersecurity firm analyzed California’s 100 largest employers, which include many of the top film and TV players, and found that Hollywood never closed the basic cyber gaps exposed by the 2014 Sony Pictures hack. Alarmingly, 71% of major studios have no enforced protection against email impersonation. In fact, Universal is the only studio that actively blocks spoofed or malicious emails.
Case in point: a full version of the $80 million animated Paramount+ film “Legend of Aang: The Last Airbender” leaked online last week, six months before its release — a cataclysmic breach for the hundreds of people who worked on the film. The studio declined comment, but a source familiar with the preliminary investigation found that the leak wasn’t caused by a vulnerability in Paramount’s systems. Nevertheless, a person in Singapore posted the full “Legend of Aang” cut after presumably receiving it from the hacker collective Pegglecrew. Though Pegglecrew has been somewhat quiet in recent years, it famously broke into the popular, independent software hosting website Fosshub as well as Ringo Starr’s Twitter account in 2016.
Red Sift’s Brian Westnedge, director of alliances and partnerships, tells us that the “Legend of Aang” incident should provide a wake-up call to the sleepy majors.
“[It] shows the stakes facing today’s studios and entertainment companies by not taking the latest cybersecurity risks seriously,” Westnedge says. “This kind of hacking event not only spoils the fun for filmgoers but causes real world financial harm both to the studio and everyone who worked on the movie. Now more than ever is the time to take security seriously, get the basics right.”
Two years ago, Paramount watched in horror as an unfinished copy of its “Saving Bikini Bottom: The Sandy Cheeks Movie” leaked online about two weeks ahead of its theatrical release. Ever since a group dubbed GoP (“Guardians of Peace”) wreaked havoc on Sony, multiple studios have faced off against pesky cybercriminals. In late 2016, TheDarkOverlord stole a full season of Netflix’s “Orange Is the New Black” and demanded a ransom, which was ignored. Months later, TheDarkOverlord released his bounty ahead of the series’ air date. In 2017, Mr. Smith infiltrated HBO and made off with a script summary of an unaired “Game of Thrones” episode as well as upcoming episodes of “Ballers,” “Insecure” and “Room 104.” The hacker, later determined by the feds to be working for the Iranian regime, demanded millions (it was around $5M-$7M). More recently, Disney let a cyber intruder named NullBudge in the door in a 2024 Slack Attack. The following year, a California man pleaded guilty to the crime.
Weirdly, I’ve interacted one on one over the years with GoP, TheDarkOverlord, Mr. Smith and NullBudge via encrypted channels and direct messages. All seemed formidable, but TheDarkOverlord was by far the most personable. (In 2019, TheDarkOverlord’s ringleader Nathan Wyatt was extradited from the U.K. to the U.S. and was sentenced to five years in prison the following year. He appears to be out and is no longer listed among inmates in the Missouri penitentiary where he was being held.)
Meanwhile, the Red Sift report finds that Hollywood is woefully unprepared at a time when geopolitical conflict reigns and slick impersonations get easier thanks to AI. If a hostile nation launched a coordinated cyber or influence campaign tomorrow, more than two-thirds of the major studios could be impersonated instantly via email, with no hacking required. That exposure varies sharply by company, raising questions about governance, risk tolerance and executive oversight.
As of this writing, not one of the major Hollywood studios uses what is known as BIMI brand verification — meaning company-originated emails contain an official logo. (Comcast is reportedly in the planning phase.) Without that final stamp of authentication, studio emails look less trustworthy and are easier to impersonate. And that creates a scenario where your favorite series in postproduction could wind up in the ether well before launch.
Then again, Hollywood is a town that often celebrates hackers and might have a bit of a blind spot. Rami Malek won an Emmy for his starring role in “Mr. Robot” in 2016, less than two years after the Sony hack.