US Feds Caught Two Oregon Men Stealing Netflix, Other Streaming Service Credentials and Reselling Them

Sophie Webster, Tech Times 14 May 2021, 03:05 am

The US Feds arrested two Oregon men who were accused of stealing and reselling customer's credentials from Netflix and other streaming services. The US Attorney's office announced that the men have now been indicted on fraud charges.

Men Steals Streaming Service Credentials

According to the indictment, Evan McMahon and Samuel Joyner stole and sold more than 200,000 user account credentials from popular streaming services including Netflix, Spotify Premium, and HBO Max. This was a part of the online service operation named AccountBot.

Users of the AccountBot side paid a subscription fee to get the credentials of other users who paid for the streaming services, according to The Verge.

The subscribers of the site AccountBot got the services of the streaming platform at a much lower rate than the ordinary users.

As of March 2019, the service had more than 52,000 customers and had offered more than 217,000 stolen streaming account credentials for their subscribers to use.

Also Read: Don't Fall For This New Netflix Phishing Scam Going Around Amid Coronavirus Quarantine

The indictment alleges that AccountBot got hold of the credentials through hacking. The indictment also pointed out that the two men used credential stuffing attacks, which means they took login details from public breaches and reusing those information on other sites.

Such attacks usually work because people reuse the same passwords and usernames on numerous sites. Both McMahon and Joyner used an automated tool to verify the stolen user credentials.

Subscribers of the AccountBot site paid between $1.79 and $24.99 so they can assess the stolen credentials. The subscription fee depends on how long and which service they want to use.

According to the Department of Justice or DOJ, McMahon managed payments and coded the AccountBot website. Joyner, on the other hand, acquired the stolen credentials an handled the AccountBot customer service.

Streaming Service Schemes

Netflix and other popular streaming services have dealt with numerous password-stealing schemes and scams over the years.

The streaming giant announced this year that the company was trying to crack down on password-sharing among its users, even if they are only sharing account access to the people that they know. This is because the more people who knows the user's information, the greater the chances that the said information could be compromised.

A report from the research firm Parks Associates stated that password piracy and sharing cost streaming services like Hulu, Netflix, and Disney Plus around $9 billion a year.

McMahon was prosecuted for the same offenses in the District Court of New South Wales in Sydney, Australia, according to the DOJ. Last month, he was sentenced to two years and two months by way of intensive corrections order.

Meanwhile, Joyner is charged with conspiracy to commit computer and access device fraud, possession of more than 15 unauthorized access devices, and trafficking and use of unauthorized access devices.

Joyner was arrested on May 12 by the FBI and he pleaded not guilty at an arraignment before a US magistrate judge. Joyner is scheduled to stand trail on the charges on July 13.

The charges of conspiracy to commit computer and access device fraud has a maximum sentence of five years in federal prison.

Trafficking and the use of unauthorized access devices and the possession of 15 or more unauthorized access devices are each punishable by up to 10 years in federal prison.