Check your passwords streaming video account theft booms in lockdown
Selling access to hacked streaming accounts is big business during the pandemic, so if you make the mistake of reusing passwords it may eventually come back to haunt you.
While streaming video services have enjoyed a boom during lockdown, so have people who sell stolen passwords.
The black market is thriving, with an audit of the dark web last year revealing 15 billion stolen logins obtained from 100,000 data breaches.
Youâre the one paying for your streaming subscriptions, but you might not be the only one watching.
Even if your own security is up to scratch, your streaming accounts are still at risk if youâve made the mistake of using the same password on different services.
When a new user profile âEveâ first appeared on the home screen of my Stan account (owned by Nine, the publisher of this masthead), I wasnât worried. Iâll confess that Iâve shared my account with elderly relatives to help them pass the time during Melbourneâs lockdown, so I figured theyâd decided to make themselves at home.
A quick phone call revealed that the mystery Eve was not someone I know, so I decided to dig a little deeper.
Checking the list of devices which had recently accessed my account, I discovered a smart TV located in Sydney. Trawling through Eveâs viewing history, sheâd only started watching a few weeks earlier; just as Sydney had gone into lockdown.
My hospitality only extends so far, even during a global pandemic, so I decided to show Eve the door. From the Stan menus, I went to the account management settings and clicked âLog out of all devicesâ. Then I changed my password so she couldnât get back in.
The big question was, how had Eve accessed my account? And why was she bold enough to bring attention to herself, rather than just lurking in the background using my user profile?
Consulting my password manager revealed the likely answer: I had foolishly reused the same password with a different online service. As a long-time technology journalist, Iâm constantly warning readers that reusing passwords is the cardinal sin of security, but Iâd gotten lazy and paid the price.
As an extra security precaution, I often create an email alias when signing up for a new service. It sounds like a hassle, but it makes it harder for people to hack into my accounts if they donât even know the right email address to log in with.
Many years ago, I used the same email address and password I used for Stan to sign up for a DNS redirection service that let me beat geo-blocking to sneak into US Netflix. My best guess is that hackers stole the DNS serviceâs long list of user emails and passwords.
Perhaps those hackers sold the list on the dark web, or perhaps they made it public in a massive data dump. Either way, someone got their hands on the list and automatically scanned online to see if those email and password combinations worked with other services. Itâs a technique known as âcredential stuffingâ, and they hit the jackpot when they got to my Stan account.
So my working theory is that someone in Sydney, rather than signing up for a Stan account, decided to buy login details from a dodgy website on the cheap to get them through lockdown. Perhaps they thought it was legit, considering the fact they felt comfortable enough to create their own user profile rather than hide in the shadows.
I know lockdown is tough, but Eve will have to watch the end of Miracle Worker: Dark Ages elsewhere. Meanwhile, Iâm going back to double-check my list of old passwords to make sure I havenât left the door open to any more uninvited guests.
Get news and reviews on technology, gadgets and gaming in our Technology newsletter every Friday. Sign up here.
Adam Turner is an award-winning Australian technology journalist and co-host of weekly podcast Vertical Hold: Behind The Tech News.
0 Response to "Check your passwords streaming video account theft booms in lockdown"
Post a Comment