Unauthorized access unveiled: Is the security of your Netflix, Disney+, Amazon Prime Video accounts compromised?

Streaming Accounts of Millions Hacked in Major Credential Leak Event

Multiple Streaming Service Accounts Breached in Large-Scale Credential Leak

In a significant cybersecurity alert, global security firm Kaspersky has disclosed that approximately 7 million user accounts linked to popular streaming services were compromised in 2024. Affected platforms include Netflix, Amazon Prime Video, Disney+, HBO Max, and Apple TV+.

Unlike conventional data breaches caused by direct hacks, the account takeovers were primarily the result of spyware infections, phishing scams, and fake browser extensions. Cybercriminals use these deceptive tactics to trick users into inadvertently surrendering their login credentials.

Streaming heavyweights targeted in this breach employed a range of strategies to safeguard user accounts from cyber threats and phishing attempts. Key security measures included:

  1. Multi-Factor Authentication (MFA): This security layer requires users to provide additional verification methods, beyond their password, thereby significantly reducing the risk of unauthorized access in case of compromised passwords.
  2. Strong Password Policies and Password Managers: Encouraging users to set strong, unique passwords and using password managers to store these securely helps prevent unauthorized access.
  3. Monitoring and Account Security: Regular monitoring of login history and connected devices allows for the detection of suspicious activity and subsequent password changes.
  4. Secure Content Delivery: Advanced encryption standards and DRM systems protect content from piracy while CDNs distribute content across multiple servers, further enhancing security.
  5. Anti-Phishing Measures: Users are advised to avoid clicking on unsolicited links and directly access services through their browsers to prevent falling victim to phishing attempts.
  6. Secure APIs and DDoS Protection: Robust API security and protection against DDoS attacks ensure user data and service integrity.
  7. New Authentication Methods: Some platforms are investigating alternative authentication methods to replace traditional passwords, providing enhanced security and convenience.
  8. Password Sharing Policies: Stricter policies on password sharing offer a way to maintain account security while encouraging legitimate subscriptions.

Kaspersky detected over 96,000 attempts to spread malware disguised under the names of these five streaming services. The highest number of affected users was in Brazil, followed by Mexico and India, though victims were reported worldwide.

Stolen accounts are often sold or shared on underground forums, potentially putting millions at risk of account takeovers, data theft, or financial fraud when the same login details are reused across various services.

Netflix, one of the world's most popular platforms, saw the highest number of exposed accounts - around 5.6 million. Brazil led the list of affected countries, followed by Mexico and India. Disney+, Amazon Prime Video, HBO Max, and Apple TV+ also suffered thousands of leaked accounts, though exact figures were not disclosed for some platforms.

If your Prime Video password matches your Amazon login, or your Apple TV+ credentials align with your Apple ID, cybercriminals could potentially access:

  • Online shopping and payment methods
  • Social media profiles
  • Email accounts
  • Banking and personal data

Once a device is infected, malware can collect more than just streaming logins, including cookies, saved card details, and other sensitive information.

Kaspersky has launched "Case 404," an interactive game designed to educate young users about cybersecurity threats through realistic scenarios. Completing the game provides users with a discount on Kaspersky Premium. As streaming culture becomes increasingly intertwined with Gen Z's online identity, cybercriminals are tailoring their tactics to target this demographic.

In response to the alarming increase in cyber threats, Kaspersky recommends users take the following immediate safety measures:

  • Change your passwords: Use strong, unique passwords for each streaming service and avoid password reuse.
  • Activate two-factor authentication (2FA): Enable 2FA wherever available, especially on accounts linked to purchases or personal data.
  • Utilize a password manager: These tools generate, store, and autofill secure passwords, alerting you if any are found in data breaches.
  • Be cautious with links: Avoid clicking on suspicious links in emails or messages, and instead, access services directly through your browser.
  • Download apps only from official sources: Avoid cracked versions, pirated files, or third-party app stores. Refrain from installing suspicious .exe or .msi files posing as media players.
  • Regularly monitor your accounts: Check account activity and sign out of unknown devices. Change passwords if anything appears suspicious.

As streaming becomes an integral part of modern entertainment, securing your accounts is no longer optional—it's essential. The core message from Kaspersky's report is clear: many breaches occur due to poor online habits rather than platform vulnerabilities. Simple actions, such as setting stronger passwords and avoiding shady downloads, can significantly protect your digital life.

  1. Amidst the escalating concerns in cybersecurity, global security firm Kaspersky has uncovered that the business of streaming services, such as Netflix, Amazon Prime Video, Disney+, HBO Max, and Apple TV+, has been targeted by cybercriminals, leading to the compromise of approximately 7 million user accounts in 2024.
  2. The account takeovers, ironically, were not primarily caused by direct hacks but were a result of spyware infections, phishing scams, and fake browser extensions, which are deceptive strategies employed by cybercriminals to trick users into freely giving away their login credentials.
  3. Streaming platforms have implemented various security measures to safeguard user accounts from cyber threats and phishing attempts. These include Multi-Factor Authentication, Strong Password Policies and Password Managers, Monitoring and Account Security, Secure Content Delivery, Anti-Phishing Measures, Secure APIs and DDoS Protection, New Authentication Methods, and Password Sharing Policies.
  4. Kaspersky detected over 96,000 attempts to spread malware disguised under these streaming services' names, with the highest number of affected users reported in Brazil, followed by Mexico and India, though victims were found worldwide.
  5. Stolen accounts can pose a significant risk, potentially leading to account takeovers, data theft, or financial fraud when the same login details are reused across various services, such as online shopping and payment methods, social media profiles, email accounts, banking and personal data.
  6. In light of the increase in cyber threats, Kaspersky emphasizes the following safety measures: changing passwords, activating two-factor authentication (2FA), utilizing a password manager, being cautious with links, downloading apps only from official sources, regularly monitoring accounts, and checking account activity for any suspicious behavior.
