Mumbai: After a recent report exposed how cyber-criminals have been taking advantage of Netfilx’s global expansion, it has now been revealed that online hackers have been stealing user account data and selling it on the Deep Web at heavily discounted prices.
A report published by global cloud security leader Trend Micro pointed out that there are over 75 million Netflix subscribers who are at risk of loosing their valuable data to hackers and cyber-criminal groups.
The report said: “In this scheme, the Netflix user is tricked into clicking on a malicious link found in an email or a website which leads them to fake login page of the service. As soon as the user clicks on the link, the malware harvests account information.”
The people behind this scam have been selling the stolen Netflix user account details on the Deep Web for “as cheap as 25 cents a pop” and $1 for a total of four accounts. The report suggested that the online hackers have managed to accumulate around 3,00,000 passwords.
Moreover, the accounts sold on the Deep Web come along with specific “terms of service” that warn secondary customers to keep account details unchanged, as this would alert the real subscriber to unauthorized activity.
“These stolen Netflix accounts could be perused by any black-market shopper and use the pilfered credentials for just about any paid online service. The sophistication of the scam suggests that these schemes aren’t one-off jobs, but rather part of a proficient business model that potentially feeds the Deep Web economy,” the report said.
According to the report, there is a way that lets users identify if their account is being used illegitimately when random shows and movies appear in the “Continue watching” field, and by receiving arbitrary recommendations of what to watch next.
If any user’s Netflix account is being used without their knowledge, they can check a list of content that has been recently watched via the Netflix website. On the website, users can go profile, and select ‘Viewing Activity’ to reveal usage details.
To prevent any such usage, users can go to “See recent account access” link at the top of the Netflix account page to view which other devices have also been checked in.
If other unknown devices are checked in, users can simply select the “sing out of all devices” option on the main account page. After logging out, the user just needs to change the password under the “Membership & Billing” option.
Additionally, the report also suggested that users should not access Netflix content from any third-party or unofficial advertisements that promise to offer the company’s streaming services for free, at reduced prices, from social media platforms, and posts.
Subscribed users should make it a point to only access content through dedicated Netflix apps or website.
