Cybercriminals Hijacking Netflix and Other Streaming Accounts

It has been reported that the surge in the use of streaming music and video services has been accompanied by a surge in the number of user accounts being taken over by cybercriminals.

Entertainment During Isolation

Self-isolation and the instruction to stay at home during the next few weeks of the COVID-19 crisis have meant that many people have turned to streaming services like Amazon Prime Video, Netflix, Spotify and Apple Music. In fact, the demand has been so high that many streaming and social media platforms have reduced the bit rate of videos in order to make sure that services can still be delivered without taking up too much bandwidth.

Stealing and Selling Your Credentials

Security company Proofpoint has now warned that cybercriminals are taking advantage of this increase in demand for streaming services by stealing the valid credentials of users and selling them online. This means that someone else may be piggybacking off a user’s streaming account without them even knowing it. When the account credentials are sold online (for a much lower price than normal accounts), the seller gives instructions to the buyer not to try to change the login details of the account.

How?

For cybercriminals to hijack streaming accounts, they first need to steal the legitimate credentials of existing users. Proofpoint has reported that this is achieved by using methods such as:

Keyloggers and information stealers – software that has been unwittingly downloaded, that is able to record keystrokes to discover logins and other valuable personal data.

Phishing attacks – convincing emails from bogus sources that get users to click on a link and be redirected, which has led to login credentials and financial information being stolen and/or malicious software being loaded onto their computer/device.

Credential stuffing – where logins that were stolen in cyber-attacks on other sites/platforms, and sold on to other cybercriminals, are tried on other websites in the hope that a user has been password sharing (using the same login for multiple websites).

How Do You Know?

The ways to tell whether your streaming account is being piggybacked include checking the settings to view which devices are connected to the account, checking previous activity on the account and activating the option that notifies you each time a new device connects to your account.
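
The two manual checks above (connected devices and previous activity) can be expressed as a short script. This is an added example, not code from Proofpoint or from any streaming service; it assumes the account's viewing history is available as rows of start time, minutes watched, device label and country, and all sample values are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample of an account's viewing history (not real data).
# Fields: session start, minutes watched, device label, country of the IP.
ACTIVITY = [
    ("2020-04-01 19:00", 90, "Living room TV", "GB"),
    ("2020-04-02 20:30", 45, "Owner phone", "GB"),
    ("2020-04-03 19:15", 120, "Living room TV", "GB"),
    ("2020-04-03 20:00", 60, "Android tablet", "BR"),
    ("2020-04-04 02:10", 200, "Android tablet", "BR"),
    ("2020-04-04 21:00", 30, "Owner phone", "GB"),
]

def parse(rows):
    """Turn raw rows into dicts with start/end datetimes, sorted by start."""
    sessions = []
    for start, minutes, device, country in rows:
        begin = datetime.strptime(start, "%Y-%m-%d %H:%M")
        sessions.append({"start": begin, "end": begin + timedelta(minutes=minutes),
                         "device": device, "country": country})
    return sorted(sessions, key=lambda s: s["start"])

def review_account(rows, known_devices):
    """Return (unknown_devices, overlaps) for the account owner to act on."""
    sessions = parse(rows)
    unknown = {}
    for s in sessions:
        if s["device"] not in known_devices:
            # Remember when a device the owner does not recognise first appeared.
            unknown.setdefault(s["device"], s["start"])
    overlaps = []
    for i, a in enumerate(sessions):
        for b in sessions[i + 1:]:
            if b["start"] >= a["end"]:
                break  # sorted by start: no later session can overlap a
            # Two devices streaming at once from different countries.
            if a["device"] != b["device"] and a["country"] != b["country"]:
                overlaps.append((a["device"], b["device"], b["start"]))
    return unknown, overlaps

if __name__ == "__main__":
    unknown, overlaps = review_account(ACTIVITY, {"Living room TV", "Owner phone"})
    for device, first_seen in unknown.items():
        print(f"unrecognised device: {device} (first seen {first_seen})")
    for a, b, when in overlaps:
        print(f"simultaneous use from different countries: {a} / {b} at {when}")
```

Any device reported here that the owner cannot account for is a reason to sign out all devices and change the password.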

Protection

Since the ability to hijack a streaming account relies on the ability to steal login details, following basic data security and hygiene can dramatically reduce the risk to users. For example, using strong and unique passwords, not sharing passwords between different websites/platforms, using a good password manager, keeping anti-virus software and patches up to date, keeping systems and browsers up to date, and not clicking on links or attachments in emails may help protect against this and other similar crimes.

What Does This Mean For Your Business?

Cybercriminals are quick to take advantage of a crisis or a trend and are always keen to find easy, low-risk ways to get money and personal details. In this case, adhering to relatively basic security best practice can prevent you from falling victim to this and many other cyber-crimes.

Sadly, this is not a new situation. For example, a CordCutting.com report from last year suggested that around 20 per cent of people who watch a paid-for video streaming service are using someone else’s account.

Now that streaming services are experiencing a surge in users and are very much in the spotlight, it may be a good time for those services to tackle some of the long-running security concerns and to reassure users that they are taking some responsibility to make it much more difficult for others to piggyback accounts.