Netflix logins a new cyber crime target

By Michelle Avenant, portals journalist.
Johannesburg, 12 Feb 2016
Cyber criminals use social engineering to steal Netflix credentials and sell them on the black market.

A Symantec blog post has highlighted a fast-growing trend among cyber criminals: stealing victims' Netflix login details.

In addition to online banking and social network profiles, video streaming accounts are now a major target for cyber criminals, according to the security company.

Phishing, faking or malware

Symantec has observed a variety of methods cyber criminals use to steal users' login details.

In one case, Danish users received a phishing e-mail posing as Netflix, telling them their accounts needed to be updated as there was an issue with the monthly payment process, essentially tricking users into giving up their login details.

Many other attackers redirect users to fake Netflix login pages that exist to harvest their details.

In another case, malicious files pose as Netflix software on the user's computer while stealthily stealing their banking information.

Black market

The cyber attackers are looking for more than just free Netflix, says Symantec.

There is a burgeoning underground market for accessing Netflix at a reduced price, the company says.

Many cyber attackers sell the stolen login credentials to other users as reduced-price Netflix subscriptions. One advertisement shared by Symantec offers Netflix logins for 25 US cents (about R4) per account - "minimum purchase: 4 accounts".

Under the radar

A "basic" Netflix subscription allows just one user access at a time, a "standard" account allows two users simultaneous access, and a "premium" account allows four users at once.

This means many victims of Netflix login theft may have no idea they have been hacked, because up to three black market users can secretly piggyback on their account while they are using it.

If a user tries to watch Netflix when the paid-for number of users is already accessing the account, they will be barred from the service with an error message such as "too many people are using your account right now," according to the Netflix help page.

If a user has this experience but has not shared their login details with anyone else, or cannot confirm who else is using their account, this is likely a sign their login details have been stolen.

Easy fixes

Fortunately for victims, recourse against login theft is easy compared to other cyber attacks.

The service allows users to easily check their recent streaming activity to see which devices are accessing their account. If they see any they don't recognise, they can pick an action that allows them to sign out of all devices connected to their account - although this can take up to eight hours to work, says Netflix.

Once all devices have been deactivated, the user can change their password to keep illegal users out.

Stolen Netflix login vendors advise customers not to attempt to change the stolen password, as this will alert the original user that their account has been compromised.
