Black market for stolen streaming accounts thriving

The proliferation of entertainment streaming services such as Netflix, Disney+ and Apple Music has created a lucrative new market for attackers, who are stealing valid credentials and selling them at heavy discounts on the dark web, according to Proofpoint.

An analysis into the growing black market for stolen streaming credentials by the cybersecurity company shows that a mature, thriving online market has emerged for stolen streaming credentials.

Proofpoint's research found that attackers are using three main methods to harvest compromised credentials.

The first includes malware attacks including keyloggers and other information extraction tools, Proofpoint said. This malware is often concealed in files or masked to look like legitimate applications to evade detection from users.

Attackers are also using credential phishing attacks such as sending out spoofed emails claiming there is an issue with a prospective victim's streaming account, and asking them to click a link to correct the issue.

These links lead to sites designed to mimic the official streaming site — often near perfect copies of the original — that use login pages to harvest credentials. Sites will often also implement credit card entry pages to try to steal a victim's credit card information at the same time.

The third method involves using previously compromised login details from other sites to attempt to catch out victims who re-use their passwords across multiple sites.

Proofpoint said many Australian victims of such an attack may not even be aware that their streaming details have been stolen and sold and are being used by somebody else for free.