I’ve had few experiences in the last year more disconcerting than this one: Logging on to Netflix, I was told that I was already online—and that I was, in fact, already streaming content from the service. More disconcerting still? Supposedly I was watching a movie titled Snow Buddies, which Netflix describes as “a family-friendly tale” in which “a feisty pack of golden retriever puppies embarks on an Alaskan adventure.”
At first I thought it might have been my ex, with whom I share my Netflix password. But my settings allow for simultaneous screening on two screens, so a third party with bad taste must have been using the account too. Plus, she just doesn’t seem like the Snow Buddies kind. Now, thanks to recently published research by the cybersecurity company Symantec, I have a better idea what was likely going on.
In a blog post, Symantec’s Lionel Payet describes an active black market for Netflix passwords, one in which account information may be available for as little as 25 cents. One such service examined by Symantec claims that it has 300,000 passwords in stock and that it offers a seven-day guarantee on purchases. Its terms of service—yes, even pirates have them—instruct purchasers to avoid changing info on the stolen accounts, as doing so makes it more likely that the legitimate account holder will notice that something has gone wrong.
Payet describes two primary pathways through which these marketers acquire the accounts: First, they harvest account information from malware, “malicious files posing as Netflix software on compromised computers’ desktops.” According to Symantec, these deceptive programs are often downloaded when users click through “fake advertisements.” Account black marketers also collect passwords through more traditional phishing schemes, in which “attackers redirect users to a fake Netflix website to trick users into providing their login credentials.”
Symantec offers a handful of suggestions for account protection, though most of them fall under the rubric of common sensible cyber hygiene precautions: The company “advises users to only download the Netflix application from official sources. Additionally, users should not take advantage of services that appear to offer Netflix for free or a reduced price, as they may contain malicious files or steal data.”
But as far as I know, I hadn’t taken either of those missteps, and yet Snow Buddies still lingers in my account history, suggesting that somehow, somewhere, I (or my ex) went wrong. I know this much: As Trevor Mogg suggests, account black market sites may only become more common as Netflix continues to expand its global reach. Strategies for stealing our information will likely become cleverer as the demand grows.
