Netflix lets multiple people use an account at the same time, and this feature is great when it allows you to mooch off a friend’s account without inconveniencing them.
But one problem with this policy is that it has inadvertently created a black market for “access” to stolen Netflix accounts.
A recent report by McAfee Labs revealed you can buy access to Netflix accounts in “Dark Web” marketplaces, which can only be accessed using a special internet browser called TOR that hides your IP address.
Hackers in these marketplaces are selling lifetime access to Netflix accounts for as little as $0.50. While some of these accounts are likely ones purchased with stolen credit card information, others used hacked login information, Raj Samani, the CTO of Intel Security, told Tech Insider.
And sometimes hackers don’t even sell the stolen accounts, but rather, just dump the login credentials on the internet for people to use.
Motherboard writer Rachel Pick came face-to-face with this phenomenon recently when she noticed weird movies and TV shows showing up in her “Recently Watched” section on Netflix. At first, she says she thought it was just a glitch in Netflix, but after reading about the black market for stolen Netflix accounts, she decided to check if hers had been hacked.
The tool she used was haveibeenpwned.com, which gives you a rough idea of whether your personal information has been leaked onto the internet. Pick found that her family’s login info had appeared on Pastebin, a site for dumping plaintext files, in a document with the title “BunchaNetflixAccounts.” The information from 2,400 other users had also been compromised.
While haveibeenpwned.com worked for Pick, it’s not always effective for finding out if you’ve been hacked, especially if your login is being sold on the “Dark Web.”
Luckily there’s an easy measure you can take if you think there might even be the possibility you’ve been hacked. Netflix has a feature that allows you to force all users who are logged into your account to log out. This means everyone with the username and passwords saved gets temporarily booted. Once you’ve done that, just change your password to keep them out permanently. This also works if you get too many “friends of friends” clogging up your account.
Here is how you do it.
Go to the account page and select “Sign out of all devices.”
You then will be prompted to confirm.
After that, all that’s left is changing your password so they can’t log back in (bear in mind the signing out can take up to eight hours to take effect).