::Trend Micro Threat Resource Center::

19 February 2016

Netflix has a black market for passwords, and they sell for just 25 cents

Attention Netflix users! Have you noticed odd activity in your ‘Recently Watched’ queue? Your account may have been compromised: a recent malware and phishing campaign targeting users has led to an influx of credentials for sale on the Dark Web for the low price of just 25 cents.


It’s long been known that hackers are nabbing and selling Netflix passwords, but a new report this week from security firm Symantec suggests the problem is growing following the streaming site’s recent international expansion to 130 new regions.

For hackers, the expanding membership base of Netflix, which is now available in a total of 190 regions globally, means there are more opportunities than ever to steal and sell passwords.

While the cost of a subscription for the streaming service already seems pretty reasonable when you look at the (legal) alternatives, the rise of the black market in Netflix passwords shows some people are willing to pay a lot less even if it means breaking the law.

According to Symantec, hackers grab passwords mainly through phishing attacks where a Netflix user is tricked into hitting a malicious link in an email or website that leads them unknowingly to a fake login page for the service. Malware is also being used to harvest account information, the California-based security firm said.

It also reveals that some cybercriminals are selling Netflix passwords on the Dark Web for as little as 25 cents a pop. An ad lifted from the Web by Symantec shows a password vendor offering a minimum purchase of four accounts for a total of $1, adding that it has 300,000 passwords in stock. Its “terms of service” instruct customers not to change any account details, as this would obviously alert the genuine subscriber to unauthorized activity.

Assuming the account details are indeed left untouched by the intruder, as a legitimate user you could still notice that your account’s been compromised if your “recently watched” list says you’ve already steamed through the entire season of Making a Murderer when you know darn well you haven’t (though why haven’t you?).

The video-streaming service now has 75 million users worldwide, a figure that indicates there’s plenty of potential for the black market in stolen Netflix passwords to expand and go on operating.

If you suspect that your Netflix account has been receiving an unwelcome visitor (or visitors), be sure to run a check:

  • Go to the website haveibeenpwned.com.
  • Check the email address associated with your Netflix account.

Of course, if you’d rather be safe than sorry, you can skip that step and go straight to the fix: change your password. The important thing to remember is that you should also change the password of any other account that uses the same one.