Melbourne-based Prakash* (surname withheld) was caught off guard when he received a notification from his bank informing him that a payment worth $15.80 had been made to Netflix for further usage of the account subscription.
Shortly after, he was hit with a slew of emails notifying him that his login details have been changed, “as you asked.”
Speaking to SBS Punjabi about his ordeal, Prakash said he was alarmed as soon as he read the emails that kept hitting his inbox one after the other - one, because the emails were written in Spanish and second, because he had deactivated his Netflix account over a year ago. 
He immediately rang up on the company’s helpline number and lodged a complaint.
Snapshots of emails received by Mr Prakash- Reset password in Spanish email (L) and Email changed (R). Source: Supplied
Mr Prakash claims that the Netflix agent initially refused to accept that the breach had occurred at their end.
“They checked into their database and informed me that it was indeed my details and that I was accessing the account from Columbia.”
“They even told me that the breach had occurred from my end or perhaps my Gmail ID must have gotten hacked,” he added.
But upon reaching out to Google, Mr Prakash says he discovered that his Gmail ID had not been compromised and instead his personal information had indeed been leaked through his Netflix account.
“I was very sure the breach had occurred from Netflix because I am usually very careful,” said Mr Prakash.
“I do not use public Wi-Fi and if I access my Gmail account, it's either on my private device or through my office laptop, both of which are fully secure.”
Cybersecurity strategist, Matthew Rosenquist wrote in his blog posted on Linkedin that “most successful hackers want full control of compromised accounts.”
“They change the email address to one they own and now they can reset the login password. This gives them the rights to use the account, purchase additional content, and even sell the login to others.”
But Mr Prakash was able to get out of the situation on time, before the scammers could misuse his credit card details.
Netflix eventually deactivated his account and returned the subscription fee. 
Another Melbourne-based man who wishes to remain anonymous told SBS Punjabi that his Netflix account also got hacked in November last year, but the only difference was that his account was active and in use.
Image for representation only Source: SBS
“When I logged in, I saw that there were a number of user profiles all with Spanish names under my account and the user language too had been changed to Spanish.”
“I immediately informed the Netflix helpline and they re-secured my account.”
The said subscriber now has a word of caution for fellow netizens.
“Invest in a password manager, use stronger passwords and avoid re-using them. Enable two-factor authentication on sites, banking alerts and block international transactions,” he warned.
Meanwhile, Netflix has posted its own set of recommendations for users who notice any kind of suspicious activity related to their subscription.
But Mr Rosenquist warns that a foolproof solution is needed to deal with such scammers.
“In the case of Netflix, account compromises will occur often. To deal with these unavoidable situations, it is important to have rapid detection and response capabilities in place,” he wrote.
Share
