Considering the ridiculous prices that consumers pay for cable subscriptions, $9.99 a month for access to Netflix might seem like a pretty great deal. But despite its relatively low cost, there are still those who are willing to break the law to pay significantly less for a Netflix account. Introducing: the Netflix black market.
In a new report on its official blog, security firm Symantec explains how hackers steal account information from paying users before turning around and putting the information up for sale on the black market.
There are two primary ways that the hackers steal accounts:
- The first involves malware campaigns which fool users into believing that they’ve downloaded official Netflix software (typically with the promise of a discounted or free account). When the user runs the compromised executable, malware is installed on the computer and the attacker is able to lift sensitive information from the user.
- Phishing campaigns are also a fairly common ploy, allowing the attacker to piggyback off of a legitimate user’s account. In order to gain access to the account, an attacker will attempt to redirect users to a fake Netflix website where they will be asked to input their credentials.
Once the attacker has the necessary information, the account is then put up for sale on the black market, with a few important restrictions. For example, the purchaser is asked not to change the password or any information on the account, lest the actual account holder were to receive an alert that would end up locking the black market out.
There are also Netflix account generators with constantly updated databases of stolen accounts:
If you want to make sure your account never ends up in a database like this, never download third-party software purporting to work with Netflix and only enter your account information on official Netflix apps and Netflix.com.