An individual or group going by the name “thedarkoverlord” has posted much of the upcoming season of Netflix’s series Orange is the New Black, apparently as punishment for not paying an extortion demand. According to information obtained by Databreaches.net, the episodes were stolen from a post-production studio along with episodes from dozens of other television programs on Netflix and other networks. And the person or people behind the breach are not attempting to further extort the networks that distribute the programs.
Whoever is behind “thedarkoverlord” has breached a number of small and mid-sized organizations’ networks over the past year, apparently by exploiting common vulnerabilities in their websites to gain access. In each case, according to Twitter posts and Pastebin notes by the hacker or hackers, those responsible have posted proof of breaches to GitHub and attempted to extort payments in bitcoins from the victims, threatening to dump customer data and other records if they failed to comply. One target was a US Navy supplier, according to a report from DataBreaches.net (though no sensitive information was part of the breach).
Thedarkoverlord has also been active on xEdic, a dark web site trafficking in “brute-forced” credentials for Remote Desktop Protocol (RDP) servers, according to a report from Flashpoint. Credentials purchased off the marketplace were used in a number of hospital breaches connected to thedarkoverlord.