Several hundred thousand hacked streaming platform accounts are available for sale on black markets. Who do they belong to and how do hackers go about hacking them? Here are some answers.
Screenshot of the Netflix login page. © VadeSecure.
Victims of their success, streaming services such as Netflix, Amazon Prime Video, HBO Now, Spotify and even Deezer are now a prime target for hackers. Netflix, which has no less than 5 million subscribers in France alone, is undoubtedly the most pirated platform. As a result, hundreds of thousands of hacked accounts are offered for free sale on black markets (black markets) at prices varying between only 1,5 and 3 €. In a study aimed at raising awareness and helping Internet users to better protect themselves, Sébastien Gest, “tech evangelist” at Vade Secure (a Spanish specialist in email protection), reveals how hackers manage to hack a Netflix account in three steps.
Step 1: Phishing campaigns
As with many computer attacks, phishing remains the tool of choice for hackers. Attention, this method of intrusion as old as the web has evolved a lot. To deceive the vigilance of Internet users, hackers now treat their phishing campaigns with fake emails more real than life: “Netflix is one of the most impersonated brands in the world in the context of phishing attacks. These fake emails - usurping a brand and its graphic charter - have only one purpose: to invite the recipient to perform an action, i.e. click on a link releasing malware, pay a sum online, etc.”, explains Sébastien Gest.
Number of weekly new phishing pages spoofing the Netflix brand. © VadeSecure.
As the graph above shows, the Netflix brand is the subject of an impressive amount of phishing campaigns. According to Vade Secure, more than 4 phishing pages can be created in certain weeks! “These pages do not all have the same purpose: some usurp the account creation and payment page, while others usurp the account login page”, specifies the specialist. Particularly sneaky, the hackers also carry out parallel email campaigns based on the model of those sent by Netflix to its subscribers on the occasion of the release of new seasons of popular TV series, such as La Casa de papel or Black Mirror, for example. Vade Secure also alerts users to “fake” emails from Netflix asking them to reactivate their account. Whether operators, banks, administrative bodies or streaming services, it must be kept in mind that in the context of the fight against phishing, they never ask Internet users to click on a link. in an email to pay a bill, reactivate an account, or update contact information.
Account creation page on Netflix. © VadeSecure.
Step 2: account hacks via telecom operators
According to Vade Secure, the second tactic employed by hackers consists of hacking Netflix accounts subscribed via a telecommunications operator. “Few consumers know this, but it is now possible to create an account through your telephone operator. In the 'subscription options', it is possible to find a 'partners' section including third-party services on demand”, she explains*.* It is by hacking into this type of account that cyber-thugs would manage subscribe to a third-party account and then resell it on the black market without the knowledge of the subscribers. This scam would work particularly well with families who have subscribed to mobile telephony and Internet plans with the same operator and for whom the increase in the price of the subscription of a few euros per month often goes unnoticed.
To avoid this kind of unpleasant surprises, it is therefore advisable to regularly check your invoice statements. The methods used to hack a smartphone and subscribe - in this case - to a third-party account without the knowledge of its owner are now very numerous. This can be a person who has access to the terminal for a few moments, a takeover or a remote intrusion via a poorly secured Wi-Fi network, a malicious application, a phishing trapped in the colors of the operator, etc.
Offer to subscribe to a Netflix account from the operator Bouygues Télécom. © VadeSecure.
Step 3: human flaws
The third step mentioned by Vade Secure may make you smile, but it is much more frequent than you might think. These are accounts left in free access in hotel rooms, AirBnB rentals or others. “The main video-on-demand services are now natively integrated into the new connected televisions. It is therefore not uncommon to find this type of television in a hotel or AirBnB rental. A common mistake is not removing access to your account before leaving the premises. It is common to find forgotten accesses on this type of equipment allowing access to the email and telephone number of the user lacking vigilance”, concludes Sébastien Gest.
Hackers exploit Netflix accounts left open on connected TVs. © VadeSecure
Human errors due to inattention, carelessness or lack of knowledge of Internet users' risks are still the main flaws exploited by hackers. In conclusion, vigilance at all times is required to preserve one's security in the digital world...