In December, hackers impersonating an executive at Interscope Records, the record label owned by Universal Music Group, managed to bypass all the latest in digital defenses with a simple email.
In a carefully tailored message, the hackers urged an executive at September Management, a music management business, and another at Cherrytree Music Company, a management and record company, to send them Lady Gaga’s stem files — files used by music engineers and producers for remixing and remastering.
With a click of a button, the files made their way into hackers’ hands, according to three people who are familiar with the episode but are not allowed to discuss it publicly. Executives would not elaborate on the incident, and it is unclear what happened to the files.
The heist — which has not been reported previously — was a classic example of how hackers exploit the weakest link in the extensive chain of vendors, postproduction studios and collaborators that corporations must trust with their most valuable intellectual property.
In Hollywood, cybercriminals have found a lucrative niche: While they may not be able to break into a Universal Studios or a Netflix directly, they have learned that the highest-profile targets are supported by a system of soft targets — content collaborators, remixers, postproduction studios and others — that do not have the same resources, security technology or sense of paranoia. And the hackers have started capitalizing.
Last month, a hacker or hackers using the pseudonym “TheDarkOverlord” leaked unreleased episodes of the Netflix hit series “Orange Is the New Black” after breaching Larson Studios, one in a long line of postproduction players that Netflix relies on to tailor its content for high-definition television.