Stolen Netflix logins being traded online, potentially leaving people's most sensitive information exposed

Andrew Griffin
Friday 30 October 2015 17:35 GMT
Comments

Stolen Netflix logins are being traded across the internet — and could be leaving people’s most personal information exposed.

Numerous sites are sharing stolen logins to the video streaming site so that people can watch without paying the usual monthly fee. But since many people use the same login details for a range of accounts, those same logins could be leaving internet banking and other sensitive information easily accessible.

Thousands of different logins are easily available across the internet, and many of them are being sold through apparently legitimate outlets like eBay. Numerous listings on the site promise “lifetime” access to a premium Netflix account, for much less than the usual price.

Many users on social media have reported their accounts being hacked. Some report seeing new films show up in their viewing history — while others have been kicked off their accounts entirely.

The stolen accounts are being traded online with warnings not to change the password or engage in other activity that would see users kicked out. That means that accounts could be used without their owners knowledge, though the exposure of passwords also means that a variety of other important personal information could be put at risk.

One Netflix user told The Independent that he only became aware of the attack when a message showed up saying that too many different videos were being watched at once, despite only using the account on one device. He had initially presumed that there was something wrong with the system — until he checked his email and found that his passwords had been changed there, too.

Netflix was able to kick the other users out of the account and change his passwords, and he regained access to his email and Skype accounts through the same means.

The details had been posted on a forum devoted to stealing login information for premium services, which can be accessed by anyone.

The hacked user said that he didn’t think that he had exposed his Netflix password in any way, since the account is only used on the TV and another streaming box.

Security experts said that it was impossible to trace whether the data had come directly from Netflix or had been harvested through other means.

“It is also possible that login details such as this could have been gained from individual phishing attacks directly at Netflix users, meaning that the cyber-criminals are able to gain this information without coming into contact with the organisation,” said David Emm, principal security researcher at cyber security firm Kaspersky Lab.

“Therefore, it is important that individuals should also be cautious about any e-mails they receive, purporting to be from Netflix or any organisation with whom they have a subscription.”

However the login details were originally acquired, losing them is made even more dangerous if people use the same password on a number of accounts.

“It’s a growing concern that many use the same password and personal details across multiple online accounts, meaning if their details have been compromised by one attack they could find other accounts suffer too,” said Mr Emm. “Individuals should ensure that their passwords are complex, that they do not reuse them on different sites and that they change them regularly.

Netflix did not respond to a request for comment.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in