Hackers Find Celebrities’ Weak Links in Their Vendor Chains

Hackers Find Celebrities’ Weak Links in Their Vendor Chains

In December, hackers impersonating an executive at Interscope Records, the record label owned by Universal Music Group, managed to bypass all the latest in digital defenses with a simple email.

In a carefully tailored message, the hackers urged an executive at September Management, a music management business, and another at Cherrytree Music Company, a management and record company, to send them Lady Gaga’s stem files — files used by music engineers and producers for remixing and remastering.

With a click of a button, the files made their way into hackers’ hands, according to three people who are familiar with the episode but are not allowed to discuss it publicly. Executives would not elaborate on the incident, and it is unclear what happened to the files.

The heist — which has not been reported previously — was a classic example of how hackers exploit the weakest link in the extensive chain of vendors, postproduction studios and collaborators that corporations must trust with their most valuable intellectual property.

Read full article at New York Times>>