A 21 year old Australian man was arrested for having over one million stolen Hulu, Netflix, and Spotify passwords hosted on his website WickedGen.com. The man was arrested after police estimated he made over $211,000 over two years.
The FBI initially informed the Australian Federal Police (AFP) of Wicked Gen in 2018, given the 120,000 paid members the site reportedly had. The two entities then collaborated in a joint international cybercrime investigation to pinpoint the man responsible. Although the perpetrator was based out of Australia, the users who subscribed to the site were based across the globe, including the U.S. After obtaining a search warrant and arriving at the premises, the AFP seized, “electronic materials and various amounts of cryptocurrencies.
According to the AFP, the man accessed the account information by “credential stuffing,” which involves the attacker compiling a list of previously compromised usernames and passwords, usually due to a breach, and then selling them for profit. As most people reuse the same password again and again, once account information has been obtained, it will likely provide details to access other accounts.
“Individuals in Australia have had their personal data stolen for the sake of individual greed,” AFP manager of cyber crime, Chris Goldsmid said. “These types of offences can often be a precursor to more insidious forms of data theft and manipulation, which can have greater consequences for the victims involved.”
The AFP confirmed that they are working with Netflix, Spotify, Hulu and all other companies implicated to address the issue. “We are working closely with the affected companies and thank them for their cooperation with investigations to date.”
I knew it would be a matter of time before streaming services crack down on password sharing.