Hackers hijacking thousands of Netflix and Disney+ accounts

Millions of people around the UK and the wider world are turning to streaming services like Netflix and, now, Disney+ to cope with the realities of self-isolation.

Streaming services are reporting such huge spikes in demand that Netflix and Amazon Prime are downgrading the quality of their streams in order to save bandwidth.

And now security researchers have warned that cyber criminals are using the coronavirus pandemic as an opportunity to hijack other people’s streaming accounts to watch content for free.

‘As people around the world are being asked to remain in their homes due to the coronavirus pandemic, many are turning to these streaming services for entertainment,’ explained Proofpoint international cyber security strategist Adenike Cosgrove.

‘Attackers will likely follow this pattern and increase their theft and selling of account credentials,’ he wrote in a blog post.

‘We recommend that consumers take a few simple steps to protect their accounts and identify and remove any unauthorised users.’

Stolen logins for streaming accounts are usually sold on the dark web for much, much less than the monthly subscription the companies charge. Often, users are completely unaware that their accounts are being used elsewhere.

Proofpoint explains three key ways that hackers can hijack an account. The first of which is done through malware, which installs something like a keylogger on a device to intercept the password when a user enters it to log on. Alternatively, the hacker may use phishing attacks to lull people into giving over their passwords – usually through an email that redirects to a fake login site.

Lastly, it’s also common practice to acquire a load of username and passwords from a data breach and use combinations of them on different streaming services to try and unlock the accounts.

‘The best ways you can proactively protect your streaming credentials are to keep your operating system, browsers and plug-ins up to date and never click links embedded in emails or attachments to visit a streaming site, it is always best to type a web address directly into the web browser yourself,’ Cosgrove concludes. 

‘It is also important to always use a unique strong password for each of your streaming sites, ideally in conjunction with a password manager.

‘Additionally, many streaming services now provide an option that notifies you anytime a new device connects to your account. Selecting this option will allow you to verify that each device is authorized and take action if it is not.’

Being vigilant over your login credentials is only going to get more important as millions of people in the UK and around the world switch to virtual services for our work and entertainment as the coronavirus crisis continues.

Source: Read Full Article