Internet security giant Kaspersky has released a report saying that it identified over 7 million “compromised accounts” for the best streaming services that have leaked online in 2024 alone.
The details weren’t leaked due to a breach in the security system of the streaming services themselves, but were instead grabbed by other malicious means, such as spyware browser extensions, which scrape the information you type into your computer and send it away to scammers, or fake websites that trick you into entering your account information (known as phishing).
Netflix accounts were by far the majority of the leaked information identified by Kaspersky, numbering over 5 million of the 7 million in total. However, there were also leaked accounts for Prime Video, Disney+, HBO Max, and Apple TV+.
The highest number of leaked accounts appears to be for people based in Brazil, then Mexico, then India – but accounts leaked from everywhere, from the UK to Canada to Australia to Japan.
How big a problem is this?
If your account has been breached, the good news is that it shouldn’t put your financial information in much danger, with a couple of notable exceptions.
Your billing info should be securely stored by all of these streaming services, and not visible to anyone simply browsing your profile if they log in maliciously.
With the likes of Netflix and Disney+ cracking down on password sharing between households, someone using your logins to watch from another country could cause these streaming services to give you a warning about adhering to their terms.
However, the larger danger is whether the passwords involved give them access to other services. For example, if your Prime Video login is the same as your Amazon Prime login, then that one account may mean they can order things online from your account.
Similarly, if your Apple TV+ login is the same as your overall Apple ID login, then someone could potentially spend money from the payment details connected to your Apple ID.
However, Amazon and Apple both support two-factor authentication, meaning the password alone shouldn’t be enough for someone to log into your account – if you don’t have this active, you absolutely should change that now.
However, in all cases, if your password for these services is the same one you use for every other login, then the danger isn’t someone logging into your Netflix – it’s them using the same details to log in as you on online shopping platforms, or other sites where they could do some financial damage.
This is why we always recommend using one of the best password managers, so you have a unique password for every service without the hassle of needing to remember them all. iPhones and Android phones all have this capability built into them.
What should you do next?
If you’re concerned about your accounts for these services, you should log in to them and change your password right away.
In general, activating two-factor authentication on any services that support it is a no-brainer. Netflix, notably, doesn’t offer this option, but it has its own page on how to keep your Netflix account secure.
If you aren’t already using one of the best password managers, now is the perfect time to start. Many of these services will tell you if one of your passwords appears in leaked account information, so you can take action to change it right away.
But also bear in mind how these details leaked: not through hacks of the services, but because people downloaded dodgy browser extensions and software, or were caught in phishing schemes that asked them to enter their details into fake websites.
Being cautious online is just as important as using technical options like a password manager or two-factor authentication.
Kaspersky’s report highlights three things to remember:
- “Always use a legitimate, paid subscription when accessing streaming services and ensure you’re using apps from official marketplaces or the official websites.”
- “Always verify the authenticity of websites before entering any personal information. Stick to trusted, official pages when watching or downloading content and double-check URLs and company name spellings to avoid phishing sites.”
- “Be cautious about the file extensions you’re downloading. Video files should not have .exe or .msi extensions — these are typically associated with harmful programs.”
…
Read the full article here
