Zero chill: Netflix account theft on the rise

Netflix account theft is on the rise according to Symantec's 2016 Internet Security Threat report. The streaming service's global expansion has led to an increased number of phishing scams and malware targeting Netflix subscribers with the hopes of obtaining their login credentials.

While cyber-criminals are often on the prowl for email accounts, credit card details, or healthcare information, stolen Netflix accounts provide crooks with a different path to monetisation. Symantec Security Expert Nick Savvides compares it to "selling stolen goods at the pub".

"The Netflix [situation] is an interesting one, as typically people would use stolen information for identity fraud," Savvides told CyberShack."Netflix theft is a very different way of monetisation based on selling credentials to a legitimate service."

Netflix credentials are typically stolen through phishing scams and malware. These phishing attempts will often take the form of a well-crafted email informing users of a problem with Netflix account, while malware will masquerade as a legitimate Netflix app in the hopes of nabbing passwords. Savvides says cyber-criminals are typically able to sell credentials at USD$0.25 per account (healthcare information goes for around USD$40, for comparison), but instead prefer to bundle them up in groups of a 1000 at a price of USD$300 or so.

The stolen credentials are then bought by individuals running illegal Netflix businesses, which Savvides describes as "parasite services". Illegal Netflix resellers then offer Netflix for as little as USD$1 per month. If an account stops working, the buyer is simply provided with a new set of credentials. In some cases, users can buy a lifetime of black-market Netflix for USD$30.