Why pay $10 per month for a Netflix account when you can buy the login to someone else’s account for just a few dollars?

That seems to have been the attitude of thousands of global streaming service users in recent years, following the revelation by the Australian Federal Police (AFP) and the Federal Bureau of Investigation (FBI) of a global syndicate selling subscription service passwords.

A 21-year-old Sydney man has been revealed to be the mastermind behind the operation, with authorities estimating he made around $300,000 from selling almost one million Netflix, Spotify and Hulu account details on his site ‘WickedGen.com’.

“WickedGen operated for approximately two years selling stolen account details for online subscription services, including Netflix, Spotify and Hulu,” said the AFP in a statement.

“The account details were from unknowing victims in Australia and internationally, including the United States.”

The AFP states that the stolen account details were obtained through “credential stuffing” – a form of cyber attack where a large number of previously ‘spilled’ credentials are automatically entered into a website until they are matched with an existing account.

It is a technique that works on the assumption that people reuse the same login credentials across multiple platforms.
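
From the defending site's side, that pattern shows up in login logs as one source trying many different usernames with mostly failed logins. The following is an added example, not part of the AFP statement or the original article; the event format, thresholds and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta


def build_sample():
    """Constructed login events: (timestamp, source IP, username, success)."""
    t0 = datetime(2019, 3, 1, 12, 0, 0)
    # One source cycling through 12 different accounts, one login succeeds.
    events = [(t0 + timedelta(seconds=5 * i), "203.0.113.7",
               f"user{i}@example.com", i == 7) for i in range(12)]
    # A user mistyping their own password three times, then succeeding.
    events += [(t0 + timedelta(seconds=20 * i), "198.51.100.20",
                "alice@example.com", i == 3) for i in range(4)]
    # An ordinary successful login.
    events.append((t0 + timedelta(seconds=30), "192.0.2.44",
                   "bob@example.com", True))
    return sorted(events)


def detect_stuffing(events, window=timedelta(minutes=5),
                    min_users=10, max_success_rate=0.2):
    """Return {ip: usernames that logged in successfully} for sources that
    tried at least min_users distinct accounts inside one sliding window
    while at most max_success_rate of those attempts succeeded."""
    by_ip = defaultdict(list)
    for ts, ip, user, ok in sorted(events):
        by_ip[ip].append((ts, user, ok))

    flagged = {}
    for ip, attempts in by_ip.items():
        start = 0
        for end in range(len(attempts)):
            # Shrink the window until it spans no more than `window`.
            while attempts[end][0] - attempts[start][0] > window:
                start += 1
            span = attempts[start:end + 1]
            users = {u for _, u, _ in span}
            hits = [u for _, u, ok in span if ok]
            if len(users) >= min_users and len(hits) / len(span) <= max_success_rate:
                # Accounts that matched are candidates for a forced reset.
                flagged.setdefault(ip, set()).update(hits)
    return flagged


if __name__ == "__main__":
    for ip, accounts in detect_stuffing(build_sample()).items():
        print(ip, "matched accounts:", sorted(accounts))
```

The check keys on distinct usernames per source rather than failures per account, which is what separates this pattern from a single user retrying a forgotten password.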

WickedGen offered a number of different packages, including a $4.99 ‘lifetime’ Netflix account.

The man in question has been charged with an array of offences, including: unauthorised access to restricted data, providing a circumvention service for a technological protection measure, dealing in proceeds of crime and dealing in identification information.

The most serious charge carries a maximum penalty of 20 years' imprisonment.

Who else is guilty?

It is not just illegal sites like WickedGen facing scrutiny for illicit credential sharing -- everyday password sharers on these streaming services may soon face a crackdown.

A UK-based video software firm has developed an AI-driven tool that will allow platforms like Netflix and Spotify to pick up on unusual activity in accounts, such as accounts being used in two locations at once.

Unveiled at this year’s Consumer Electronics Show (CES) in Las Vegas by Synamedia, ‘Credentials Sharing Insight’ aims to put an end to casual password sharing.

Password sharing represents a growing amount of lost revenue for these streaming services, with one study showing that 26% of streaming service users aged between 22 and 40 used a password for someone else’s account to watch their favourite shows.

The 18 to 21-year-old demographic had an even higher number of offenders, with 27% of respondents confessing to password sharing.

While Synamedia has so far inked partnerships with the likes of Sky in Europe and TrueVisions in Thailand, it has yet to land Netflix as a client, meaning the freeloaders are safe for now.