
Who’s Using Your Streaming Account? Protect Yourself from Credential Theft


Video and audio streaming services continue to disrupt the entertainment industry. Services like Netflix, Hulu, Disney+, Spotify, and Apple Music have revolutionized the way we access and consume movies, TV shows, and music. This massive shift has not gone unnoticed by attackers, who have found ways to steal consumers’ valid streaming credentials and sell them at extremely discounted prices. When this happens, the account holders often don’t know that they’re sharing their accounts with unauthorized users.

Proofpoint researchers have looked into this problem more closely to detail how this is happening and what you can do to protect your accounts.

How Streaming Credentials are Stolen

There are three ways attackers steal valid streaming service credentials: malware, credential phishing, and previously stolen credentials combined with password reuse.


Malware

Malware encompasses any type of malicious code that is typically delivered via email or websites and then installed on systems and servers with the aim of disrupting, disabling or taking control of these computing devices. To dodge detection, attackers will hide malware in files, mask it to look like legitimate applications or use other obfuscation techniques to bypass security controls and user detection.

Certain types of malware are designed to search for and steal account information. These keyloggers and “information stealers”, among others, have been around for years and are regularly used to steal usernames, passwords, and credit card information. This means that if your system or device becomes infected, attackers can steal your credentials along with other valuable information.

Credential Phishing

We often see threat actors launch credential phishing attacks to obtain valid streaming service credentials. Credential phishing typically starts with an email that claims there’s an issue with your streaming account that requires your immediate attention, like a payment issue or an update to your billing address, and tells you to click a link to go into your account and correct it.

If you click the link, you’re taken to a site that’s made to look like the official site’s home page. These sites are often near-perfect copies of the legitimate sites, which can make them hard to distinguish from the real ones.
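Because the page itself can be a near-perfect copy, the host name in the link is the reliable signal. The following check is an added example, not Proofpoint's code: it classifies a link from an "account problem" email by its real host. The official domains in OFFICIAL_DOMAINS and the function name check_link are assumptions, and the sample links are constructed.

```python
from urllib.parse import urlsplit

# Assumption: the brands' real sign-in domains (not listed on the page).
OFFICIAL_DOMAINS = {
    "netflix": "netflix.com",
    "disney": "disneyplus.com",
    "spotify": "spotify.com",
}

def check_link(url):
    """Return (verdict, reasons); verdict is 'official', 'suspicious' or 'unrelated'."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    reasons = []
    # Only the host decides where the browser connects; an official host is
    # the brand's domain itself or a true subdomain of it.
    for domain in OFFICIAL_DOMAINS.values():
        if host == domain or host.endswith("." + domain):
            if parts.scheme != "https":
                return "suspicious", ["official host but not HTTPS"]
            return "official", []
    # A brand name anywhere in a link whose host is not the brand's domain.
    for brand in OFFICIAL_DOMAINS:
        if brand in host:
            reasons.append(f"'{brand}' appears in non-official host {host}")
        elif brand in (parts.username or "").lower():
            reasons.append(f"'{brand}' is in the userinfo part, real host is {host}")
        elif brand in parts.path.lower():
            reasons.append(f"'{brand}' appears only in the path on {host}")
    # Punycode labels can render as look-alike characters in the address bar.
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append(f"host {host} contains a punycode label")
    return ("suspicious" if reasons else "unrelated"), reasons

# Constructed sample links (reserved .example names, not real sites).
SAMPLES = [
    "https://www.netflix.com/login",
    "https://netflix.com.billing-update.example/login",
    "https://netflix.com@account-check.example/",
    "https://secure-pay.example/spotify/signin",
    "http://www.disneyplus.com/login",
    "https://weather.example/today",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", check_link(link))
```

A mail filter or a help-desk triage script can apply the same rule: a brand name in the subdomain, userinfo or path proves nothing, only the registered domain at the end of the host does.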

In Figure 1 you can see an example of a Disney+ credential phishing site.


Figure 1 Disney+ Credential Phishing Site

In Figure 2 you can see a Spotify credential phishing site.


Figure 2 Spotify Credential Phishing Site

In Figure 3 you can see a Netflix credential phishing site.