Consumer Electronics Daily was a Warren News publication.

Hackers Feeding ‘Black Market’ Economy of Free Netflix Access, Symantec Blogger Says

The global success of Netflix “has attracted the attention of attackers” in the form of malware and phishing email campaigns targeting Netflix users’ information, Lionel Payet, Symantec threat intelligence officer, said in a Thursday blog post. “The details are then added to a growing black market that claims to provide cheaper access to the service,” Payet said. Netflix subscriptions allow one to four users on the same account, he said. This means that an attacker could use a phishing campaign to “piggyback on a user’s subscription without their knowledge,” he said. “In these phishing campaigns, attackers redirect users to a fake Netflix website to trick users into providing their login credentials, personal information, and payment cards details. These tactics are not uncommon; cybercriminals are still using them on a daily basis.” The bigger problem is that the attackers “may not just keep this access for themselves,” he said. “There is an underground economy targeting users who wish to access Netflix for free or a reduced price. The products could even allow customers to open their own illegal store.” The most common illicit offers are for access to existing Netflix accounts, Payet said. “These accounts either provide a month of viewing or give full access to the premium service. In most advertisements for these services, the seller asks the buyer not to change any information on the accounts, such as the password, as it may render them unusable. This is because a password change would alert the user who had their account stolen of the compromise.” For their own protection, Symantec “advises users to only download the Netflix application from official sources,” he said. “Additionally, users should not take advantage of services that appear to offer Netflix for free or a reduced price, as they may contain malicious files or steal data.” Netflix representatives didn’t comment.