Strangers Stealing Your Netflix? Here's How to Tell

Netflix lets your streaming account be used by up to four people at a time — but some of those people may be complete strangers halfway around the world.

Credit: Scyther5/Shutterstock

(Image credit: Scyther5/Shutterstock)

Stolen Netflix account credentials are sold for as little as 25 cents apiece wholesale in online black markets, according to U.S. information- security company Symantec. The company says credentials are generally stolen either by phishing emails, or by malware posing as Netflix apps that may also steal credentials for online bank accounts.

You can check your Netflix account for suspicious activity, but you can't see a list of all devices that recently used your account. If you're worried that a stranger is tapping into your Netflix account, you should sign out of all Netflix devices at once, and/or change your password.

MORE: Netflix Streaming Guide: Best Movies and TV Shows on Now

Last month, Netflix suddenly expanded its streaming service to nearly every country in the world, including some nominally hostile to the United States, such as Cuba, Venezuela and Iran. The only major exceptions were Syria, North Korea and China.

This marketing coup also means that there are now a lot of potential Netflix customers in poorer countries who can't afford to spend $8 a month for access on their Android phones — but can certainly pay a buck or two to the guys running the cellphone shop down the street. That cut-rate access comes through stolen credentials.

Your account, up for sale

"There is an underground economy targeting users who wish to access Netflix for free or a reduced price," Symantec's Lionel Payet wrote in a company blog posting Feb. 11. "The most common offers are for existing Netflix accounts. These accounts either provide a month of viewing, or give full access to the premium service.

"In most advertisements for these services, the seller asks the buyer not to change any information on the accounts, such as the password, as it may render them unusable," Payet added. "This is because a password change would alert the user who had their account stolen of the compromise."

There are so many stolen Netflix credentials out there that Payet's screenshots of online black markets include an ad for a tool called "NetflixGenerator" that spits out freshly compromised credentials in bulk, for people who want to resell those credentials to end users. It can be accessed for set periods of time -- $10 for a week, $20 for a month or $30 forever.

"NetflixGenerator is a unique tool that generates freshly cracked accounts," the ad reads. "You can generate almost unlimited accounts per day. We update our account list daily to ensure you get only the freshest accounts."

The golden ticket to unlimited streaming

With such a thriving trade in stolen Netflix credentials, online criminals need to steal more and more of them.

Payet notes that one method of doing so involves the good old phishing scam — an email message or browser pop-up window that says you need to log back into your Netflix account for some reason, then takes you to a fake Netflix login page. Your email address and password are sent to criminals, and just to add injury to insult, the fake page may ask for your credit-card number as well.

But Netflix is so popular, Symantec says, that Trojan-horse malware posing as Netflix applications has cropped up as well.

"One malware campaign involves malicious files posing as Netflix software on compromised computers' desktops," Payet wrote. "The files are downloaders that, once executed, open the Netflix home page as a decoy and secretly download Infostealer.Banload. Banload steals banking information from the affected computer."

Payet added that "the files are most likely downloaded by users who may have been tricked by fake advertisements or offers of free or cheaper access to Netflix."

How to check for suspicious Netflix activity, and what to do about it

It couldn't hurt to log into your Netflix account on a desktop computer and go to the My Activity page.

See anything there that you're sure that you, or anyone that you know shares your account, didn't watch? If so, then you'll want to change your password at http://www.netflix.com/password. (Make sure the new password is strong and unique.) The password change will force all users to sign in again with the new password.

If you'd rather not change the password, but want to give freeloaders a scare (and tell the credentials sellers that you're on to them), you can just sign out all devices using your credentials at http://www.netflix.com/ManageDevices. The sign-out process may take up to 8 hours to populate to all devices, Netflix says.

Paul Wagenseil

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.