Attractive Netflix subscriptions for peanuts make monkeys of buyers

Check Point Research identifies criminal groups selling low-cost Netflix subscriptions on Telegram and the dark web.
4 August 2023

Netflix is trying harder to stop account sharing in 2023 in an attempt to prevent revenues from slipping in the face of competition from new (and well-funded) alternative streaming services.

In a 2023 letter to shareholders, the company stated that over 100 million people worldwide were accessing its media via shared accounts, a practice that it had been quietly ignoring until now. The use of a single Netflix account for several people or households undermined Netflix’s “long term ability to invest in and improve,” the company said. To encourage genuine family sharing, it introduced an approved option for password sharing outside a household, available at a slightly higher price. This was designed to allow, for instance, students to use their parents’ Netflix account while away at college, or families who live separately to share one account.

This new option was trialed in Latin America and has since been rolling out worldwide. Geographies affected include Spain, where there has been a significant drop in the number of subscriptions to the service in general. In the US, however, there were around 73,000 average daily new sign-ups to Netflix in the first three days of the scheme’s introduction, a rise of 102% on the previous 60-day date range sampled.

Check Point Building, Tel Aviv. Source: Kimmel Eshkolot Architects

But the company’s new policies have created, or at least given new impetus to, a market in illicit account credentials. Check Point Research has identified numerous illegal operations selling low-cost subscriptions on the dark web. A popular channel for this trade is the privacy-focused messaging app Telegram, where details of accounts are available for as little as 190 Indian Rupees (around $2).

Many accounts for sale are derived from compromised personal credentials available after data breaches. That contradicts rogue traders’ claims that the accounts provide “full access, effectiveness and legitimacy.” Stolen credentials sold in this way often do not work ‘as advertised’, either because they are fictional or because they belong to accounts that have been closed or had their passwords reset by the genuine owners. Individuals looking for cheap Netflix account details should therefore be wary of any such offers, as there’s clearly no recourse for the buyer disappointed with their dubious purchase.

“Cybercriminals often exploit users’ needs and desires, aligning their attacks with ongoing trends,” said Eusebio Nieva, Technical Director of Check Point Software for Spain and Portugal. “As with any other domain, it is important to remember that if an offer seems too good to be true, it probably is. Reducing demand is an effective way to counter illegitimate sales on the Dark Web and subsequently disrupt revenue streams from these services.”

Check Point advises all Netflix users to choose lengthy and difficult-to-guess passwords (and reset passwords if necessary) to lower the chances of their accounts being resold. Length matters: each additional character multiplies the number of combinations an attacker has to try in a brute-force attack, so the search space grows exponentially with password length.

The company advises using password managers, tools that can create cryptographically strong passwords and store them for users. Passwords should also be unique to every online account. Use of the same password, or a simple variation on a single password, means that a single data breach of an individual’s account on an unrelated service (such as an online shopping service) effectively opens up all the user’s accounts for online trade or illegal use.
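The reuse and length advice above can be checked against a password-manager export. The following is an added example, not code from Check Point or the original article; the vault contents, the function names, the character-swap table and the 94-character alphabet (printable ASCII without the space) are assumptions constructed for illustration.

```python
import math
import re
from itertools import combinations

# Constructed sample export (service -> password); values are illustrative only.
SAMPLE_VAULT = {
    "streaming": "Sunflower2023!",
    "shopping": "sunflower2021",
    "email": "Sunflower2023!",
    "bank": "q7#Vt9rLm2xWz4Kp",
}

# Common character swaps people use when "varying" a password.
LEET = str.maketrans("013457@$", "oieastas")


def stem(password):
    """Reduce a password to the base word its owner is likely varying."""
    lowered = password.lower()
    # Drop leading/trailing digits and symbols (years, "!", "123", ...).
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)
    # A password with no letters would collapse to ""; keep it whole instead.
    return (core or lowered).translate(LEET)


def audit(vault):
    """Return (service_a, service_b, kind) for each pair sharing a password or stem."""
    findings = []
    for (a, pw_a), (b, pw_b) in combinations(sorted(vault.items()), 2):
        if pw_a == pw_b:
            findings.append((a, b, "reused"))
        elif stem(pw_a) == stem(pw_b):
            findings.append((a, b, "variant"))
    return findings


def search_space_bits(length, alphabet_size=94):
    """Bits of brute-force work for a uniformly random password of this length."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    for a, b, kind in audit(SAMPLE_VAULT):
        print(f"{kind:8} {a} <-> {b}")
    for n in (8, 12, 16):
        print(f"{n} random chars: about {search_space_bits(n):.0f} bits")
```

The bit estimate applies only to randomly generated passwords such as those a password manager produces; a human-chosen word with a year appended has far less effective strength than its length suggests.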