Just a couple of days after Disney launched its new streaming service – Disney+, thousands of user accounts were taken over and put up for sale online for prices ranging from as low as $3 to $11 per account. A couple of months earlier, it was reported that a Westminster woman had her Hulu and Netflix accounts hacked too.
Clearly, hackers are targeting streaming services in order to collect account information that can be sold later on. What are the common tactics employed in these attacks and how can you protect your streaming service account from being hacked? Let’s find out.
In the case of the Disney incident, Disney said that there was no indication of any security breach. So how, then, did the rogues gain access to the user account data of certain customers? Well, they evidently employed a relatively straightforward technique known as credential stuffing.
Credential stuffing involves taking username, email, and password combinations from previous data leaks on other services, and trying them on giving service to see if any work. There are credential stuffing tools on the internet that automate the process.
As many individuals reuse username and password combinations very often, it’s quite easy for hackers to get a considerable amount of matches. What’s more, there have been a number of high profile breaches in recent years that have made such username and password combinations readily available to hackers.
An easy way to protect yourself from this technique is to always use unique passwords when signing up for online services. Avoid reusing username and password combinations that you’ve already used on other services. Since it can be a challenge to come up with and remember a unique password for every service you sign up for, password managers are a great idea. When you use a password manager, you can rest assured that all your passwords are strong and unique.
Another way hackers can gain access to your account is through phishing. Phishing occurs when hackers successfully trick unsuspecting individuals into entering their login credentials into a fake login form. The process often involves the use of emails that contain fraudulent links to fake websites that ask you to input your username and password.
To protect yourself from phishing attacks, make sure to carefully inspect emails with links asking you to sign in to a certain service to ensure that they’re genuine. Most phishing emails give themselves away in one way or another, either through misspellings or bad grammar. It’s also wise to enable 2-factor or multi-factor authentication whenever possible.
Keylogging, as the name implies, involves the use of malicious software to track the strokes a person types on a keyboard. Keylogging can be a very effective means of obtaining a person’s credentials.
Keylogging requires that the hacker first gain access to your computer before compromising it with keylogging malware. Even if you have strong, unique passwords, if your computer’s security is compromised, hackers can very easily obtain your passwords when you type them in to log into your accounts.
To protect yourself from keylogging, use a solid security solution that is able to detect keylogging activity. You can also get around this technique by using a password manager that automatically fills in your login data, thus, requiring no key logs.
Password spraying is somewhat similar to credential stuffing. In this technique, a hacker attempts to log in to a certain user’s account by using a list of common passwords such as ‘123456’, ‘password’, and ‘qwerty’.
Many people fall into the trap of using these commonly used passwords because they fail to realize the importance of using truly unique passwords. This makes them easy prey for hackers using the password spraying technique. Of course, the easy way to avoid being hacked by password spraying is to use unique passwords.
In addition to the methods listed above, hackers also try to steal passwords using brute force, extortion, and trojan horses. Using strong passwords is an easy way to protect yourself against most of these techniques. Combined with extra-layers of security such as multi-factor authentication, having complex and unique passwords greatly reduce your risk of getting hacked.
Another way to avoid having your streaming service account compromised is to use a VPN. VPN services enable you to stay safe and anonymous on the internet. What’s more, with a VPN service, you can bypass geo-blocking restrictions and watch any content you want from any location in the world.
If you use Netflix, for example, it’s quite easy to change Netflix region with the right VPN service so you can access the movies and TV shows you’re interested in. As hackers continue to devise new ways to target streaming services, you can protect yourself by applying the tips discussed above.