Hackers are threatening to release 756GB of A-list celebs’ contracts, recording deals, and other personal info allegedly stolen from a New York law firm.
The miscreants have seemingly got their hands on confidential agreements, private correspondence, contact details, and other information belonging to superstars, including Madonna, Christina Aguilera, Sir Elton John, Run DMC, Bruce Springsteen, Barbra Streisand, and Lady Gaga, and their representatives.
The data was swiped by the REvil, aka Sodinokibi, malware-slinging gang best known for taking down Travelex, infosec biz Emsisoft’s Brett Callow told The Register.
A Tor-hidden website belonging to REvil, which lists dozens of organizations compromised by the crew, includes screenshots of folders, a non-disclosure agreement, Madonna’s 2019-2020 tour arrangements, and Aguilera’s music rights as proof of its cyber-heist.
The gang claims to have hacked entertainment law firm Grubman Shire Meiselas & Sacks, based in the Big Apple, and siphoned its documents.
The law firm could not be reached for comment. We assume they were otherwise occupied. Their website right now just shows its logo whereas as recently as May 8, it listed its clients and staff.
“The documents purportedly include information about multiple music and entertainment figures, including: Lady Gaga, Madonna, Nicki Minaj, Bruce Springsteen, Mary J. Blige, Ella Mai, Christina Aguilera, Mariah Carey, Cam Newton, Bette Midler, Jessica Simpson, Priyanka Chopra, Idina Menzel, HBO’s ‘Last Week Tonight With John Oliver,’ and Run DMC. Facebook also is on the hackers’ hit list,” reported showbiz industry mag Variety, which was also tipped off by Emsisoft.
The law firm also represents big name personalities in TV, film, and sport, and media and online giants, from Kate Upton and Robert De Niro to Sony, Spotify, Vice, and EMI. It is assumed the swiped data was partially leaked to encourage the lawyers to cough up a ransom demand – or the rest of the information would spill onto the dark web. ®
Updated to add
Grubman Shire Meiselas & Sacks have said they were hacked, and in a statement said: “We can confirm that we’ve been victimised by a cyber-attack. We have notified our clients and our staff. We have hired the world’s experts who specialise in this area, and we are working around the clock to address these matters.”