Thursday, 11 February 2021 18:36

Are strangers using your Netflix and Spotify accounts? 174,800 leaked accounts found

Photo by Natalia Vaitkevich from Pexels - Additions by Alex Zaharov-Reutt from Pixabay - Click to enlarge Photo by Natalia Vaitkevich from Pexels - Additions by Alex Zaharov-Reutt from Pixabay - Click to enlarge

Cybersecurity researchers have discovered hundreds of thousands of leaked streaming service accounts, with damages estimated to have reached $38M. NordVPN has some advice on how to stop this from happening, and what to do to keep your accounts safe.

NordVPN, in cooperation with cybersecurity researchers, has found stolen data records from 16 million computers worldwide. The company notes the stolen data “ended up on the dark web after the computers got infected with Zeus, Pony Stealer, RedLine, Raccoon, and dozens of other types of malware built specifically for capturing login credentials saved on computers. As a result, 174,800 content streaming accounts ended up on the market for a resale.”

What has been stolen?

Daniel Markuson, a digital privacy expert at NordVPN said: “If you have ever saved your credentials in a browser, including your streaming service logins, your home address, or, even worse, your credit card data, malware like Zeus, Pony Stealer, RedLine, or Raccoon would take it all.

“More than that, bad actors also get information about your usernames, location, and hardware configurations and might take control over your device. Malware like that is not easy to get. It’s sold underground on a subscription basis.”

NordVPN’s data breach research partners evaluated a database that contained information leaked from 16 million computers in total, and estimate that the damage inflicted on users of streaming services alone could round up to $38M, with the damages calculated based on the most popular streaming service premium plan price for 12 months.

We’re told that Netflix users suffered the most: 61% of all stolen streaming credentials are associated with one of the most popular streaming platforms online. This was followed by Spotify (25%) and Amazon Prime (7%). Combined with Hulu, Vimeo, and Disney+, 174,800 thousand accounts have been stolen and are now being sold online.

Who was most affected?

According to NordVPN’s researchers, “half a million American internet users and more than a third of a million Canadians managed to download and install the malware that stole their credentials”.

Markuson added: “One day, these people will find themselves locked out of their accounts, unable to access it because the account got sold, its password changed, and the initial email associated with it replaced.”

However, users from the US and Canada are not the ones who were affected the most. NordVPN notes that “as many as 1.8M Indonesians got their data stolen and leaked, and the country alone represents 11.4% of all infected devices in the world. India, Brazil, and Argentina come next, with 1.2M computers affected each.”

Malware that extracted information from 16M internet users worldwide is built to harvest information from browsers.

Australia is not in the top 20 list, but that doesn’t mean Australians shouldn’t be complacent, nor anyone from any country. After ,all, Australia did hit the list in 35th spot out of 99 countries) with 89,740 computers affected - has your account been stolen?

Here is the list of the top 20 countries by the number of computer users affected by the data leak the cybersecurity researchers discovered:

Country           Computer users affected

1 Indonesia     1,826,949
2 India             1,259,684
3 Brazil            1,159,770
4 Argentina      1,150,360
5 Pakistan        541,667
6 Italy               516,479
7 U.S.               511,176
8 Russia           487,224
9 Philippines    389,703
10 Egypt          388,206
11 Vietnam      371,899
12 Canada       368,334
13 China          358,670
14 France        300,398
15 Spain          284,444
16 Thailand      246,337
17 Turkey         233,684
18 UK               214,864
19 Bangladesh 214,620
20 Ukraine        202,555

What happens to stolen Netflix accounts?

We’re told that streaming service accounts are a very common exchange unit on the dark web.

Here, Markuson says he has “observed hackers simply sharing it for free, as it takes almost no effort to obtain them. On the other hand, eBay and other classifieds are full of offers to get access to a streaming service for half the price.

“One listing on eBay reads: “Netflix Account Premium 4K ultra HD 4 Screens 12 Months. Instant delivery within 1 min to 12 hours Worldwide. You can change your password, your email and your phone number. Works on your TV, computer, smartphone and tablet.” The price for the stolen annual subscription is US $19.99, when the official one costs $215.88.

“There is no doubt such accounts came from leaked computer data or acquired through other illegal activities. People who think it's a good idea to spend your money on that are contributing to theft,” continued Markuson.

So, how can you protect your data from being stolen and streaming service accounts from being taken over?

NordVPN tells us “Netflix and other streaming services accounts found by the cybersecurity researchers got leaked after users injected their computers with malware by clicking on a link or file distributed via email or private messaging apps.

“Such attacks often succeed for two reasons: lax cybersecurity protections and human error. Criminals prey on urgency and deceit.

“People think they are clicking on a link or opening an attachment from a trusted source provided in an email. Once they do, malware code gets executed on their device and secretly starts draining data from the victim's computer.

“Before opening any link or any attachment whatsoever, one must be 100% sure it’s legitimate,” warned Markuson.

According to the cybersecurity expert, “Another issue is that people barely use cybersecurity protections like VPN and antivirus. And, if they do, they fail to keep them up to date. The combination of the two could block the way to malware installation.

“What people must understand is that the stolen login credentials to streaming services are just a fraction of what has been leaked. Unencrypted files ended up on the dark web too. The best way to prevent this from happening to you is to start using protection tools like NordLocker that encrypt data and keep it safe in the cloud. Without a decryption key this information is useless,” Markuson concluded.

iTWire’s advice is simple:

  1. Use a password manager. Personally, I’ve been using 1Password for years, but Nord also has a solution called NordPass which is one of the many password managers out there that can ensure you have a different password for each account, and that the password used is long and complex - and you only have to remember a single password to access all the others.

    A password manager also fills out the username and password for the sites and apps that need it.

  2. Change your passwords on a regular basis - at least every six months. Yes, it’s a pain to do this, but if you change your passwords regularly, then even if they leak, they’ll be out of date. Change your Netflix, Spotify, Apple ID, Google ID, your phone login code and more. 

  3. Activate two or multi-factor authentication. Whether it’s the Google Authenticator or similar apps, it’s safer and faster than receiving a text message with a code to type in, and most major online services offer this capability.

  4. As Markuson advises, use a VPN and use Internet security software. Whether that software is Acronis, Norton, Kaspersky, AVG, Avast, Trend Micro, BitDefender, Malwarebytes or others, it’s vitally important that you use these. Personally I like to use one of these solutions plus Malwarebytes plus a VPN, with NordVPN the particular VPN that I use, but there are several reputable ones to choose from (and several dodgy free ones too, which you should avoid).

  5. Update your apps, update your OS, and have at least one physical and one cloud-based backup.

  6. Finally, as Markuson notes, be wary of attachments in emails, pop-ups on websites promising updates of Abode products and downloads from the Internet that you’re unsure about. Also, if you think you’ll save money by looking for and installing pirate software, that kind of software is almost always packaged with malware, which can prove to be very expensive.

So, with major companies and online services seeming to be breached every week, if not every day, it really is important to use strong passwords and use affordable software to protect your digital life and your bank account. Be safe!

Read 4840 times

Please join our community here and become a VIP.

Subscribe to ITWIRE UPDATE Newsletter here
JOIN our iTWireTV our YouTube Community here


Thoughtworks presents XConf Australia, back in-person in three cities, bringing together people who care deeply about software and its impact on the world.

In its fifth year, XConf is our annual technology event created by technologists for technologists.

Participate in a robust agenda of talks as local thought leaders and Thoughtworks technologists share first-hand experiences and exchange new ways to empower teams, deliver quality software and drive innovation for responsible tech.

Explore how at Thoughtworks, we are making tech better, together.

Tickets are now available and all proceeds will be donated to Indigitek, a not-for-profit organisation that aims to create technology employment pathways for First Nations Peoples.

Click the button below to register and get your ticket for the Melbourne, Sydney or Brisbane event



It's all about Webinars.

Marketing budgets are now focused on Webinars combined with Lead Generation.

If you wish to promote a Webinar we recommend at least a 3 to 4 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site and prominent Newsletter promotion and Promotional News & Editorial. Plus a video interview of the key speaker on iTWire TV which will be used in Promotional Posts on the iTWire Home Page.

Now we are coming out of Lockdown iTWire will be focussed to assisting with your webinars and campaigns and assistance via part payments and extended terms, a Webinar Business Booster Pack and other supportive programs. We can also create your adverts and written content plus coordinate your video interview.

We look forward to discussing your campaign goals with you. Please click the button below.


Alex Zaharov-Reutt

Alex Zaharov-Reutt is iTWire's Technology Editor is one of Australia’s best-known technology journalists and consumer tech experts, Alex has appeared in his capacity as technology expert on all of Australia’s free-to-air and pay TV networks on all the major news and current affairs programs, on commercial and public radio, and technology, lifestyle and reality TV shows. Visit Alex at Twitter here.

Share News tips for the iTWire Journalists? Your tip will be anonymous




Guest Opinion

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News