Warner Bros., the entertainment and media titan has been duped of US$1.3 million through simple hacking. One would not expect such basic security lapses in such a big conglomerate – but therein lies the story. And it serves as a classic example of the devious ways of cyber criminals. Let’s follow the sequence of events:
- In 2019, Warner Bros. took over another U.S. firm, Entertainment Merchandise NY (EMNY). The accounting of this firm was handled by Dan Schwartz CPA, and Warner decided to retain their services.
- Sometime after this acquisition, hackers using an IP address located outside the U.S. somehow gained access to the servers of Dan Schwartz. Apparently, this allowed the hacker to intercept emails between Warner and Schwartz.
- As the owner of EMNY, Warner decided to transfer one EMNY savings fund of US$1.3 million to another account at Bank of America. Through an email, Warner authorized Schwartz – the EMNY accountants – to make this transfer.
- The hacker intercepted this communication and misled Schwartz employees, through phishing messages, into transferring the money to a spurious account in Wells Fargo.
- Warner Bros. has filed a lawsuit against Dan Schwartz in a federal court. As reported, their complaint states “the accounting firm did not have the means to secure its networks, systems or mail servers in the event of an information security incident, being exposed to unauthorized access and hacking.”
Hacking is now an expected disruption to enterprises. However, in the current case, the point of contention is that the accounting firm neither verified the source of the phishing email nor confirmed the fake transfer request. These two lapses eventually helped the malicious player to pull off the heist.