Another vendor security lapse.
A hacker this weekend published ten upcoming episodes of Netflix’s hit prison series Orange Is The New Black to a pirate Internet site, and claims it has unreleased footage from other studios including ABC, Fox, and National Geographic.
The hacker, which stole the material from a post-production service called Larson Studio, goes by the name the Dark Overload, and has claimed responsibility for other high profile data dumps, including from medical providers.
It’s unclear if the Dark Overlord is a person or group, but the hacker’s motive appears to be clearly financial as they have sought to extort other victims in the past, and on the weekend complained Netflix didn’t pay.
“It didn’t have to be this way, Netflix,” the group said in a statement. “You’re going to lose a lot more money in all of this than what our modest offer was.””
The website Databreaches reports that the hacker initially tried to extort Larson Studios after the theft (which appears to have occurred in December), and then targeted the studio instead. Netflix has acknowledged the leak.
Get Data Sheet, Fortune’s technology newsletter.
“We are aware of the situation. A production vendor used by several major TV studios had its security compromised and the appropriate law enforcement authorities are involved,” said the studio in a statement. The stolen Netflix content consist of the first 10 of the 13 episodes of Season 5 of Orange Is The New Black, which Netflix has said is its most popular original series. According to Variety, Netflix may move up the release of the new season in light of the breach.
Meanwhile, the Dark Overlord suggested on Twitter late Sunday that further leaks are imminent.
It’s not clear if the hacker’s tweet is a threat to release more Netflix material, or shows from another studio.
The hacking incident, which is being investigated by the FBI, highlights a major problem for companies when it comes to cyber-security. Specifically, even if take every precaution to secure their own systems from hackers, they still must rely on a litany of outside vendors, which are often more vulnerable.
The vulnerability of outside vendors has figured prominently in other high-profile security incidents, including Target, in which hackers breached a third-party point-of-sale provider. In response, one consortium known as CyberGRX has begun to offer a clearing house service to help audit such vendors.