The hackers who breached HBO's servers have declined a ransom payment of $250,000 from a top HBO exec, according to an email leaked by hackers to the press.
The email is a message sent by an HBO high-ranking manager asking the group to delay the dump of over 1.5TB of data the hackers stole from HBO servers during a period of six months.
The hackers, who go online by the pseudonym of Mr. Smith, have leaked some data in two separate incidents during the last two weekends.
They also threatened to leak new data every week unless HBO would pay them the equivalent of their salaries for six months. The group previously bragged about making between $12 and $15 million from extorting other organizations, meaning they asked HBO for a ransom of at least $6 million in Bitcoin.
The email sent by the HBO exec asked the hackers to delay the next leak for a week as the movie studio was busy gathering the funds for the final payment.
In exchange for the hackers' good will, the company was ready to pay $250,000 disguised in the form of a bug bounty reward, which the company usually gives out to white hat security researchers.
While we don't know if and what the hackers replied to the HBO exec's proposition, by leaking the exec's email we can deduce they weren't happy with the proposal. We also don't know if HBO made the payment or not, and if the hackers leaked the email regardless of the $250,000 payment, just to put more pressure on HBO.
During the first leak, the hackers leaked the script for episode 4 of Game of Thrones season 7, and upcoming unaired episodes from Ballers and Room 104, two other HBO productions.
In the second leak, the hackers leaked the script for episode 5 of Game of Thrones season 7, technical details about HBO's internal network, administrator passwords, email correspondence from HBO's vice president for film programming Leslie Cohen. The next leak is scheduled for Sunday, August 13.
A copy of the email sent by the HBO exec is available below, courtesy of DataBreaches.net. HBO did not respond to a request for comment, nor did it confirm the email's validity to other publications who reported on the topic.