The shift towards video streaming has not gone unnoticed by cyber criminals who are now stealing valid user credentials and login passwords – and selling them online or on the dark web at discounted prices.
Thousands of Netflix, Disney+, Netflix and Amazon Prime Video accounts worldwide, among others, are susceptible to be stolen.
US-based cybersecurity vendor Proofpoint says this is happening with victims oblivious that they are sharing their accounts with unauthorised users and malicious actors.
As home-based video streaming surges as social distancing and self-isolation measures are being implemented to mitigate the spread of COVID-19 pandemic, these attacks are also on the rise. Proofpoint’s cybersecurity strategist Adenike Cosgrove said: “Due to the coronavirus pandemic, many are turning to these streaming services for entertainment. Attackers will likely follow this pattern and increase their theft and selling of account credentials.”
Proofpoint explains three key ways that hackers can hijack an account.
The first of which is done through malware, which installs something like a keylogger on a device to intercept the password when a user enters it to log on.
Secondly, the hacker may use phishing attacks to lull people into giving over their passwords – usually through an email that redirects them to a fake login site.
Thirdly, they can also acquire usernames and passwords from a data breach and use combinations of them on different streaming services to try and unlock the accounts.
“It’s worth noting that this is a relatively sophisticated online store process. There are multiple options for sale, the seller offers a warranty and even contact information in case of any problems,” says Proofpoint researchers in their blogs.
In a recent report, content delivery network and security provider Akamai says video and streaming services are a prime target for cyber attackers who conduct regular credential stuffing attacks.
Credential stuffing is when attackers use automated tools to test if a stolen login works on multiple websites or cloud services by taking advantage of the common password practice of using the same login details.
The United States is regarded as the top target for the attackers, followed by India, Canada, Germany, Australia, Korea, China, Gibraltar, the Netherlands, Japan, Italy, France, and Hong Kong.