Hackers Steal Dormant Netflix Accounts and Reactivate Them

• Hackers are taking over dormant Netflix accounts and charge the owners’ bank accounts.
• These accounts are either kept for own use or resold on darknet marketplaces.
• Netflix isn’t taking any action against this phenomenon, or any responsibility about the situation.

Various former Netflix users are complaining about bank charges that they don’t recognize, allegedly coming from the reactivation of their accounts. According to the reports, hackers manage to login to the Netflix platform using stolen user credentials, possibly through the credential stuffing. They then reset the login credentials and take over the old account from the original owner. The worst part is not the takeover of a dormant account though, but the fact that the streaming platform seems to keep the owner’s billing details handy. This makes it possible for the hackers to reactivate the accounts, charging the victim’s bank account or card, and engaging in content consumption.

If the victim doesn’t notice the fraudulent charges, which can really go unnoticed for extended periods of time, the actor will continue to enjoy Netflix for free. Besides own use though, some hackers prefer to sell the accounts to others on darknet marketplaces, promoting them as “lifetime” subscriptions, which is a blatant lie of course. Now, with all of this activity targeting former Netflix users, the problem is on them and not the streaming platform itself. On the contrary, Netflix is making money thanks to the hackers who step in and reactivate the accounts.

This is not to say that Netflix supports or fosters the taking over of dormant accounts, but they do lay the ground for abuse no matter the growing number of former users reporting about it. Netflix is keeping the billing details stored for ten months after the deactivation of an account, allegedly to make it easier for a former user to rejoin. Moreover, the platform is advising the victims to file a “chargeback” payment for any unauthorized activity with their bank, so they do not wish to deal with the problem themselves. They could run identity checks when anyone tries to reactivate an account, and take fingerprinting data into consideration, but they aren't.

If you wish to deactivate your Netflix account, make sure to specifically ask the platform to remove your payment details immediately. Moreover, you should also lift “automatic-billing” permits from your bank account or your PayPal account, so even if Netflix would like to draw the money from there, the request would be denied. Finally, be careful with whom you share your Netflix password with, and don’t do it at all if you don’t absolutely have to.

Have you fallen victim to a situation like the one described above? What has Netflix done to help you? Let us know in the comments down below, or on our socials, on Facebook and Twitter.