Researchers have shown that Netflix accounts in Tampa Bay are being targeted by hackers who then go on to resell the login information on the deep web for a lower price.
A Netflix subscriber from Sarasota, Andrew Solum, noticed that a stranger was streaming from his account, movies, and TV shows. Andrew told reporters that, “Someone named ‘Lorene’ had created a user profile. And I’m thinking that’s really strange because I don’t know anyone named Lorene. She watched some kids shows, some dramas, some TV shows.”
Sri Sridharan, a cyber-security researcher with the Florida Center for CyberSecurity, said, that phishing scams and related malware was what hackers were using to get the login information and then sell it on the dark web. “Netflix subscriptions are about $100 to $150 bucks a year, so they could sell it for 50 percent off. And they’re still making a lot of money by selling your account,” he said.
Another problem which arises is that personal infomercial is revealed in the account, including email addresses and partial credit card numbers. Even though Netflix could hide a part of the number, if a hacker sends a phishing email with the partial credit card number then the email looks legitimate.
In Andrew Solum’s case, the intruder only watched for a week before he got hold of the new profile and deleted it. In cases like these, Netflix recommends users log out of all devices and then rest the password. If the virtual intruder had rather not created a new profile but just continued watching under Andrew’s profile, then the intrusion would have been hard to notice.
“They could have just watched under my user profile,” Andrew said.
Netflix subscribers can check their viewing history log to make sure that no unauthorized viewing has been taking place without their knowledge.
Sridharan believed other services such as Hulu and Roku could also be vulnerable.