However, we do not anticipate that this victory is decisive and permanent. In this study, it appears that a mix of factors drastically reduced the number of available Netflix and Disney+ accounts. They can also monitor distribution channels on the deep and dark web to immediately lock down any account whose credentials are shared.
This includes preventing password reuse, blocking suspicious login attempts, and requiring more stringent authentication (MFA). In November, the numbers dropped precipitously when a popular site for posting credentials went down.įrom a defender’s perspective, this offers several opportunities to frustrate the supply chain of account compromise.Īccount providers-whether streaming services or banks-can take measures to disrupt the procurement, distribution, and consumption of compromised accounts. We attribute this to several factors: Due to COVID lockdowns, the supply and demand for Netflix and Disney+ accounts peaked in March-May 2020, then reverted as the year progressed.ĭespite a slight uptick in the fall, overall numbers trended downwards as content providers presumably improved defensive measures. This means that at least 1 out of every 1,650 Netflix (0.061%) accounts and 1 out of every 714 Disney+ accounts (0.139%) were leaked to the deep and dark web in 2020.īoth metrics were very volatile from month to month.
There were 114,491 Netflix and 106,424 Disney+ unique verified accounts. Our investigation found 805,085 Netflix and 596,502 Disney advertised accounts, corresponding to 0.39% of all Netflix and 0.63% of all Disney+ accounts. Our count of advertised accounts can be seen as a maximum and verified accounts, a minimum, in the count of compromised accounts. Netflix usernames and passwords on a paste site We calculated the number of accounts that posts advertised to be sharing/selling, as well as the number of unique usernames and passwords that we were able to verify, such as in the post below. With so many credentials available, we attempted to discover how many Netflix and Disney+ accounts were shared from January 2020 through March 2021. Read the Full Threat Report, How Many Netflix and Disney+ Accounts Are On The Dark Web? Threat actors harvest them through credential stuffing attacks and then distribute them for free or sell them for several cents apiece.
Learn more: Real-time insights about gaming-related fraudĪnyone even marginally familiar with the dark web knows that credentials for popular streaming services are shared widely on forums and paste sites. Nowadays, as content is delivered on-demand through online streaming services, the only thing preventing an aspiring viewer from reaching massive content libraries is a legitimate username and password.
0 kommentar(er)
