Academy Award Winning Roma May Inspire Increased Netflix Hacker Activity

roma-netflix-poster-review-2018

The 2019 Academy Awards, which further popularized Netflix's Best Picture-nominated movie, Roma, may provide additional inspiration for hackers looking to obtain Netflix users' login credentials. On Sunday night during the awards show, some Netflix users received notifications about new sign-ins into their accounts. The email below, shared with us by a Netflix account holder, indicates that an unknown user logged in to her Netflix account at about 10p on February 24, 2019, during the broadcast, from a computer in Asunción, the capital of Paraguay. The legitimate owner of this account lives in Charlotte, North Carolina. 


                         IMG_5643                         IMG_5644


Hackers obtaining credentials into Netflix accounts is not a new phenomenon. Over that last few years, it has been reported that logins to entertainment services like Netflix, DirecTV, HBO GO, and Hulu are being sold on the Dark Web. This report indicates that on average, an account’s credentials are selling for $8.71.

Below is information from Netflix's help page about what to do if an unauthorized person is accessing your account:

Someone is using my Netflix account without my permission.

If you believe someone has used your Netflix account without your permission, you can check your recent viewing activity to see which titles were viewed. You can also check your Recent device streaming activity page, which will display the date and time of access, the country, state, and IP address the content was streamed from, and the device type used to stream. Please note that location information is approximate and determined by where the detected IP address is registered.

If you're seeing unexpected streaming activity on your Netflix account and none of your devices have been stolen, we recommend you change your Netflix password to make sure no one else can access your account without your permission. You can also sign out of all devices connected to your account to disconnect any unauthorized devices. This method of deactivation will disconnect all devices currently connected to your Netflix account, but may take up to 8 hours to take effect. This method will also clear the location data associated with your devices, so do not deactivate your devices this way if you believe your device has been stolen.

The account holder from Charlotte who received the new sign-in notification from Netflix, subsequently received an email indicating that her login email was changed and she could no longer use her account. This required the user to call Netflix to shut down the account.

Hackers are always looking for ways to gain access to valuable data, so stay vigilant. Watch your accounts for signs of unauthorized access. Otherwise, someone across the street, across town, or across the world could be watching your Netflix shows or worse, selling your credentials.