Netflix account sharing a cybersecurity issue.


Netflix crackdown creates surge in illicit subscription trade

There’s a concerted effort to clamp down on Netflix account sharing in 2023.

In a January 2023 shareholder letter, the streaming giant claimed that upwards of 100 million people worldwide access the site using borrowed accounts, undermining Netflix’s “long term ability to invest in and improve” its service. In an effort to curb the practice, Netflix is now introducing a paid option for users wishing to share passwords outside their immediate household.

Following its initial trial in Latin America in 2022, the new policy has been rolling out worldwide since February this year. The first quarter of 2023 showed a significant subscriber exodus in Spain, one of the first territories affected by the change. Early data from the US, however, suggested the crackdown is having its desired effect for Netflix, with 73,000 average daily sign-ups between May 25 and May 28 – a 102% increase on the previous 60-day average. It is therefore likely that the policy is here to stay, despite a general uptick in cancellations – and the situation has created an ideal opportunity for cybercriminals.

Check Point Research, the Threat Intelligence division of Check Point® Software Technologies Ltd., has identified numerous illicit businesses selling low-cost Netflix subscriptions on the dark web.

Researchers have identified a number of channels affiliated with these criminal portals on Telegram, the secure messaging app. Illicit groups sell access to Netflix’s monthly Premium plan through these channels for as little as 190 Indian rupees (just over €2, or US$2.90). To entice potential buyers, the channels promise “full access, effectiveness and legitimacy”.

Accounts sold through these portals are typically linked to other online crimes. They are often obtained from compromised credentials or breached user data. Consequently, criminal groups can offer significantly reduced prices, reaping full profits without incurring any costs.

It is also important to highlight that, as with any criminal enterprise, these sellers may not uphold their end of the bargain. Check Point Research encountered several instances where users either failed to gain access to the accounts they had purchased, or had their access blocked after a few days, weeks, or months.

Check Point Building, Tel Aviv. Source: Kimmel Eshkolot Architects

Individuals are advised to be wary of paying for unofficial subscription plans. To protect their own data and credentials, Netflix users are also strongly advised to restrict shared access to their accounts, and to ensure that accounts are properly secured. To assist with this, Check Point advises the following:

  •   Lengthy and diverse passwords: Increase password complexity by using a combination of letters (upper and lower case), symbols, and numbers. Longer passwords are harder for criminals to crack, because each new character adds exponentially more options.
  •   Memorable but difficult to guess: Avoid using personal data such as birthdays, names of family members, or easily discoverable information. What may be easier for the user is also easier for criminals to crack.
  •   Unique passwords: Avoid reusing passwords across different accounts. If you use the same password across multiple accounts and an attacker compromises just one of those accounts, they will gain unrestricted access to all other registered services. This obviously makes remembering passwords more difficult, so consider using a password manager to securely store and manage passwords.
  •   Keep passwords private: Never share passwords with anyone or store them in close proximity to a computer. Use password manager tools for secure storage. If any suspicious activity is detected on your account – new profiles or unusual content playback, for example – immediately change your password and check for unauthorized access.

“Cybercriminals often exploit users’ needs and desires, aligning their attacks with ongoing trends,” Eusebio Nieva, Technical Director of Check Point Software for Spain and Portugal, explains. “As with any other domain, it is important to remember that if an offer seems too good to be true, it probably is. Reducing demand is an effective way to counter illegitimate sales on the [d]ark [w]eb and subsequently disrupt revenue streams from these services.”