Lions Gate Experiences Major Security Breach

Lions Gate experienced a catastrophe of a security breach recently when a full digital copy of “Expendables 3” was stolen, and uploaded to the Internet before its August 15 release date. More than 2M copies were illegally downloaded from sites such as billionuploads.com. This is one of the worst security breaches ever experienced by any studio, and is at the level of the “Target Breach”. Lions Gate has released limited information on the topic, so it’s difficult to ascertain where the security lapse occurred in the development life cycle of the film. If the movie was stolen in the post production process, this is likely to have big repercussions for the Lions Gate partner ecosystem.

Where Did The Breach Occur

In the feature film business, its normal for big studios such as Disney and Lions Gate, to work with dozens of partners in making feature films. These partners are known as post production houses, and they enhance elements of the film, whether adding subtitles, coloring, editing, sound, and so on. Most of the time these partners don’t have full digital copies of the film in their possession, unless its Deluxe or Technicolor, the two largest post houses in the world that work hand-in-hand with big studios, and sub-contract parts of the work to smaller post houses.

Deluxe and Technicolor work on every major feature film, in one way or the other, in doing some sort post production work, or filming. Thus, the film could have been stolen somewhere in the post production process. As an added security measure, studios use digital watermarks, and time stamps known as character generators, that identifies what post house is doing what, and if they should intentionally or unintentionally release the film, the studio is able to find the culprit, and take immediate action against that outfit.

The other area where the film could have been stolen is directly from the Lions Gate infrastructure. Lions Gate does use AWS for some of their infrastructure services to run production SharePoint workloads, and for testing & development of SAP applications. Lions Gate doesn’t likely store full copies of its movies on AWS, but if hacker is able to breach the SharePoint instance or SAP applications, they can use those credentials to move horizontally into other systems that store movies. I think this is the least likely scenario.

The best practices when it comes to storing content on AWS, studios should never store copies of yet-to-be released movies on AWS, as its way too risky. Its best to store content in a neutral co-location facility with a direct private line connection from the colo facility back to studio HQ, with no direct Internet access at the colo facility. The last area where the breach could have happened – the hacker could have accessed Lions Gate system directly from the Internet, and stole the movie from their onsite storage arrays. At this point, it’s difficult to say where the breach occurred, as security is usually really strong in all three areas mentioned above, but if I were to guess, it would probably be somewhere in the post production process.