Hi guys.
Share a Netflix account with some family members and alarm bells went ringing when I went to watch something and someone had changed the preferred language to Arabic + Arabic subtitles?
Went into my account and can see some buggers from Turkey and Holland have been using the account, my sister changed the pass to something much stronger as it was a weak password.
Has this ever happened to you guys and should I be worried? Also, how on earth did this happen? Did they run a password generator or something? Thanks
There's a big market online for stolen media streaming accounts, Netflix and Spotify users are the biggest victims of this. The typical situation is this:
You use a password for Netflix that you also use on another service
The other service is compromised
All passwords and email addresses are leaked from the compromised service
Malicious people check every leaked password and email combination on Netflix (and other services)
When a password and email combination are found to work on a service, the account details are noted down as valid
The valid account details are now sold, often for ~$1, typically with the advice "don't change any settings so that you can keep using the account indefinitely". The goal isn't to steal your account from you, it's to have cheap access to these services, changing your password will resolve the issue - also change your password anywhere else that same password is used.
The protection against this attack is: do not use the same password on multiple websites. There's also a small chance this came about from phishing, but very unlikely.
If you reuse your password anywhere then it could have been compromised from there. Check your email address(es) on: https://haveibeenpwned.com/ and start using different passwords everywhere
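The reuse-plus-breach problem described in the replies above can be audited locally. The sketch below is an added example, not code from any poster: it follows the k-anonymity scheme of haveibeenpwned's Pwned Passwords range API (only the first 5 hex characters of the SHA-1 leave the machine), with a constructed offline stand-in for the endpoint; `audit`, `fake_fetch_range` and the sample vault are hypothetical names and data.

```python
import hashlib
from collections import defaultdict

def split_hash(password):
    """SHA-1 the password; return (5-char prefix sent out, 35-char suffix kept local)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def parse_range(body):
    """Parse 'SUFFIX:COUNT' lines from a range response, skipping malformed ones."""
    counts = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if sep and len(suffix) == 35 and count.isdigit():
            counts[suffix.upper()] = int(count)
    return counts

def breach_count(password, fetch_range):
    """How many times the password appears in the breach data (0 = not found)."""
    prefix, suffix = split_hash(password)
    return parse_range(fetch_range(prefix)).get(suffix, 0)

def audit(vault, fetch_range):
    """vault maps site -> password. Report breach hits and reuse across sites."""
    sites_by_pw = defaultdict(list)
    for site, pw in vault.items():
        sites_by_pw[pw].append(site)
    return {
        site: {
            "breach_count": breach_count(pw, fetch_range),
            "reused_on": sorted(s for s in sites_by_pw[pw] if s != site),
        }
        for site, pw in vault.items()
    }

# Constructed data: stands in for the HTTPS range endpoint so this runs offline.
CONSTRUCTED_LEAK = {"password123": 1000, "sunshine1": 42}

def fake_fetch_range(prefix):
    lines = ["0" * 35 + ":7", "not a valid line"]  # noise the parser must tolerate
    for pw, n in CONSTRUCTED_LEAK.items():
        p, s = split_hash(pw)
        if p == prefix:
            lines.append(f"{s}:{n}")
    return "\r\n".join(lines)

if __name__ == "__main__":
    vault = {"netflix": "password123", "forum": "password123",
             "bank": "correct horse battery staple 9!"}  # constructed sample
    for site, row in audit(vault, fake_fetch_range).items():
        print(site, row)
```

Any site with a non-zero `breach_count` or a non-empty `reused_on` list is one where the password should be replaced with a unique one.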
Seeing as you've changed it and only used it for Netflix what was the old password?
There are lists of the top 100 passwords
Fairly easy if you get an email to write a program to cycle through those passwords
As to where they got the email it is possible Netflix had a leak of emails like Twitter did not too long ago. Not always reported especially if things like bank details not leaked
Did you see @glasgow's advice above? Check your email with the haveibeenpwned service. Passwords are irrelevant. Leaked email addresses attract people who then apply these email addresses into popular services using passwords which, in your own words, are "easy ones".
It is easier than people think to gain access to online services with someone else's credentials. Once they do - without any warning to the actual user - the actual user needs a big paddle to get out of creek faster than fast.
"Hard" passwords and 2FA are needed. If you purposely make it hard for yourself to log into an online service, it'll be even harder for someone else to get in there.
It's also worth using a password manager, that way all your passwords can be difficult and you don't need to remember them.
Use long strings of words with altered case and swap out letters for example use Z for S as this stops dictionary attacks.
If they have your account, they now have your email, a phone number of yours, possibly your mobile. If it's your mobile, contact your provider as you're at risk of a SIM swap attack. Depending on how you pay, they have some of your credit card details and possibly your address. If you're not already, use PayPal with 2 factor.
My LG TV doesn't remember the password even when you click remember. It was so frustrating. Luckily Sky have added a Netflix app on SkyQ and that seems to remember it so I've only had to do it once since then