Have you secured your streaming services’ accounts? Are you sure someone else, unbeknown to you, isn’t using them as well?
As people around the world are being asked to remain in their homes due to the coronavirus pandemic, many are turning to streaming services such as Netflix, Hulu, Disney+, Spotify, and Apple Music for entertainment, Proofpoint cybersecurity strategist Adenike Cosgrove notes.
He also posits that, despite cybercriminals having been compromising users’ streaming services’ accounts for ages, they will now likely increase their efforts.
How do criminals usually steal streaming credentials
Streaming credentials are usually stolen via malware (information-stealing Trojans) or fake login/phishing pages:
Criminals are also trying out credentials leaked after data breaches. If the user has reused them for their streaming accounts, their compromise is, effectively, just a matter of time.
Finally, they sell the compromised login credentials for a fraction of the price of a legitimate subscription:
“At this point there is a very mature, operationalized market for stolen streaming credentials,” Proofpoint researchers noted. “When attackers get your streaming credentials, they sell them to others who will use them to log on and piggyback off of your streaming services, likely without you even knowing it.”
What can you do to protect your online streaming accounts?
None of the aforementioned streaming services have made available the two-factor authentication option for their customers, so the security of those accounts still depends on users:
- Choosing a strong, long and unique password that they will not reuse for other accounts
- Being able to spot and avoid phishing pages
- Being able to avoid getting infected with info-stealing malware.
The researchers advised users to keep their operating system, browsers and plug-ins up to date and not click on links embedded in emails or attachments to visit a streaming site.
“It is also important to always use a unique strong password for each of your streaming sites, ideally in conjunction with a password manager,” they added.
“Additionally, many streaming services now provide an option that notifies you anytime a new device connects to your account. Selecting this option will allow you to verify that each device is authorized and take action if it is not.”
Users who by reviewing recent streaming activity associated with the account spot an unknown device logged into it, should first change the account password then sign out all devices and, finally, sign in again with the new password. This will lock any unauthorized user from the account.
It’s good to add that if your account has been compromised, so has the information it holds, including payment card information. Users would do well to cancel that card and be on the lookout for fraud and identity theft attempts leveraging the compromised information.