Published on November 28th, 2019 📆 | 2040 Views ⚑0
Netflix warned to step up after dormant credentials were hijacked by hackers
Engineers are working on a flix
NETFLIX cordcutter-cutters are demanding answers after it emerged that some former users’ accounts were being reactivated by criminals.
An investigation by Auntie Beeb’s You and Yours programme found that if someone finds a dormant Netflix account and is able to get into it, the provided bank details from the subscription are still listed, meaning that all the hacker has to do is start watching, whilst the original customer pays.
Plus, of course, if the criminal then changes the password, then that’s it, the account is locked out for the legitimate account holder.
Netflix credentials do a pretty brisk business on the Dark Web, with ‘lifetime’ subscriptions (highly unlikely that this would be true) for less than a fiver.
In order to give leavers an easy way of rejoining the service, accounts that are deactivated have all their details, including bank account info, stored for ten months from the date of leaving, unless the customer specifically asks Netflix to delete them sooner.
According to the radio investigation, Netflix has had a lukewarm response to complainants, asking them to file a ‘chargeback’ payment for any unauthorised activity with their bank, rather than take on the issue.
It also found that eBay had listings for stolen credentials freely available and starting at £3. The shopping site has confirmed that it has removed all such listings and would be taking action (such as it can) against the holders of accounts used for the dodgy ads.
For its part, Netflix has made a number of appropriate purring noises and advises anyone who notices unusual or unauthorised use of their account, or erroneous charges, to contact customer service immediately.
With the ‘top whack’ Netflix package now a not-unsubstantial twelve quid, and a myriad of new streaming services coming online, we’d say you should expect that 2020 will be not only the year of streaming but the year of credential theft too. μ