On April 12, anonymous X account ImStillDissin shared a one-minute snippet of what appears to be the yet-to-be-released film. The Legend of Aang: The Last Airbender. He said Nickelodeon “accidentally” emailed him the entire movie, but that turned out not to be the case. More on that later. “I saw it was just a Paramount+ thing, so I decided to troll a little bit” by posting the videos, he said. Hollywood Reporter at that time. A day later, a complete copy appeared online.
From there, the situation turned into a crisis for Paramount. Her lawyers combed the Internet to scan clips and downloads of the film, although it was too late by then. X’s first two clips that sparked the saga garnered more than 100,000 likes in 12 hours before they were deleted. Superfans hosted viewing parties for the film that appeared on Letterboxd’s “Popular This Week” list. To this day, counterfeit DVDs are still sold on eBay.
to Avatar: The Last Airbender Fans, the movie was supposed to be the long-awaited return to the series. The original show, which ran from 2005 to 2008, had an impressive showing on Netflix in 2020, when it topped the daily chart for more than 60 days, and even last year, when it ranked as the third most-streamed anime show on the platform. In some corners, it is considered one of Nickelodeon’s greatest hits and is among the most beloved American animated shows. Twenty years later, Paramount sees value to be extracted.
Courtesy of Nickelodeon
Avatar Studios was created in 2021 as a division tasked with creating a world based on the universe Avatar world, which will include upcoming series Seven havens. Legend of Aang It was supposed to premiere in theaters, but plans changed after David Ellison took control of the studio through the Skydance merger.
Paramount conducted an investigation into the incident. As part of the investigation, the company ruled out the possibility of liability, a source familiar with the situation said THR. This would suggest a third-party platform with access to the film was hacked, which cost Paramount tens of millions of dollars to produce.
Now, Vision Media, a display company that promotes awards shows for studios such as Disney, NBCUniversal, Netflix and Paramount, is investigating whether the leak can be traced back to security vulnerabilities in its platform. And in a recording he obtained THRJason Diedrich, CEO of Vision Media, was overheard detailing to one of the gray hat hackers, Jason Sawyer, that the cybercriminals “appear to have access to the content” on its servers, but he “didn’t know how.”
“Our treatment plan is very broad,” Diedrich said in an April 22 discussion.
Unlike white hat hackers, gray hat hackers stealthily infiltrate corporate systems to find security vulnerabilities. They then decide whether they want to notify the company and provide advice or announce their findings. Sawyer obtained information about an exploit in the Vision Media network that was used to gain unauthorized access. “I verified the steps I received from the threat actor and confirmed this was a real issue,” he says. “I have taken steps to make reasonable disclosure and contacted the company.”
The investigation did not conclusively conclude that Vision Media was responsible. Diedrich said in the recording that he “cannot say specifically what happened or how it happened.” Vision Media declined to comment, citing “ongoing investigations” involving third parties.
For years, at least since the devastating Sony Pictures hack in 2014, studios have been spending big money strengthening their online walls. However, the system is only as strong as its weakest link. Many movie leaks have been discovered to have originated from award screens. Figure A: The Hive-CM8 hacking group was uploaded in 2015 to the Internet The Hateful Eight, The return and Doctrineamong several other Oscar contenders that were not released that year, were stolen after physical copies of performances sent to voters for awards consideration were stolen.
in case Legend of AangHackers may have gained access to Vision Media’s server, which houses catalogs of many films that awards voters have long watched. “They’ve been in your network for a long time,” Sawyer told Diedrich. “They’ve been navigating various different things.”
Later in the conversation, Diedrich said Vision Media was conducting an internal investigation and “cooperating in external investigations with law enforcement and affected groups.”
Days after the exchange, a 26-year-old man was arrested in Singapore for allegedly accessing a media server without permission and leaking the film online, according to a report by one of the country’s major newspapers. Straight Timeswhich cites a police report that does not name the person.
But there are several clues that point to the hacker’s identity. Sawyer, a gray hat hacker, says he identified the person behind the ImStillDissin account as Devesh Logendran, a cyber expert who was accused in 2018 of hacking into the NFL’s
There are further clues in a second X account from ImStillDissin called IDISSEVERYTHING. The biggest trail: Accounts registered with that name on PayPal, Discord, and Telegram, among other platforms, can be traced back to Logendran, says Sawyer, who used open source intelligence tools from OSINT Industries to verify online accounts linked to the name, email address, or in this case, username.
In X, IDISSEVERYTHING also hinted that his first name is Devesh and that he lives in Singapore. In fact, when called ImStillDissin THR In the previous Signal report in April, his caller ID name appeared as Devesh. THR I have reached out to Logendran and IDISSEVERYTHING for comment.
On 4Chan and other online communities, high-profile hackers discuss trading illegally obtained movies and TV shows among themselves and, on occasion, selling their possessions. Before the film became widely available for download, an account appearing to belong to someone in Singapore who eventually leaked the entire film attempted to spark a bidding war. (The account also discussed Singapore’s copyright law and whether the country is extraditing criminals to the US) “I got it,” the account posted. “Look [for] Highest bidder with actual interest in purchasing it. No trolling at all.
“There are a lot of vulnerabilities that a lot of people know about, and in general, there are private communities that exchange files and do all that kind of stuff,” ImStillDissin said. THR In April. “There are many leaks within this pipeline.”
He stressed that “many people were able to reach it.”
Aidan Rennie, co-founder of cybersecurity firm Alerts Bar, says most signs point to the leak coming from Vision Media. He explains that the hackers gained access to the company’s server either through an API flaw or, more likely, stolen login credentials.
“In this world, this kind of thing happens when credentials get leaked online,” Rennie says. “This data is floating around on the Internet, but the fact that we haven’t captured anything else means it’s still in private hands. That would make sense because they wouldn’t want to share that information and give away that resource.”
When Lougendran was indicted in 2018, prosecutors detailed a complex scheme in which he used publicly available information to gain access to the NFL’s Twitter account. He started by finding the social media manager’s Twitter account, which was linked With her email address, this email was linked to a phone number belonging to her husband, registered through the Canadian media company Rogers Communications.
Armed with these details, Logendran contacted Rogers’ online support team and impersonated the husband, claiming he had been locked out of his work account. The support team issued him a temporary username and password. He then located the social media manager’s phone number and arranged for the messages to be forwarded to his own device, meaning any text messages sent to her phone would also reach his phone. That gave him the final piece he needed: After he reset the password on her email account, the temporary password she received was sent to him as well. With access to her email, getting her NFL Twitter password was easy.
“What you did was kind of unprecedented,” ImStillDissin said, referring to what she did. Avatar a leak. “I didn’t really register the consequences.” The production cast and crew will bear some of those consequences, with the leak potentially cannibalizing viewership when the film officially premieres on Paramount+ in October.
Amid the fallout, a common refrain has emerged from backseat CEOs that the studio left money on the table by bypassing the traditional theatrical release. When it was announced last year that the film would premiere exclusively on Paramount+, a petition to overturn the decision garnered nearly 100,000 signatures. “The animation looks amazing, and the movie deserves to be in theaters,” posted an account on 4Chan, where fans discussed the leak. “However, instead, they sent him to die on live broadcast.”
For Paramount, the saga may not be over. ImStillDissin said hackers have a coming Avatar series Seven havens They’re in their sights next and they’re hungrier than ever for new content. “There are a large number of people who have access to insider things like this,” ImStillDissin claimed. “There’s more under the tip of the iceberg.”
