Netflix security

Started by Dieselboy, March 24, 2020, 08:04:37 PM

Previous topic - Next topic

Dieselboy

My friend in England had his netflix account taken over (email and password changed) and he couldnt sort it right away because he doesnt have a computer.

They got it sorted yesterday but within 2 hours it was taken over again. Netflix said to him that they cannot force logout the attackers whom are logged in - I said that's ridiculous.

He's not really techy but I said to him "how can they still have access to your account when your password was changed". The only devices they (he and his partner) have are the phones and TV dongle that runs netflix for the TV. I have a feeling one of those devices have some bad software on it and it's scraping the password.

Otanx

I heard this from someone before. I don't remember where I read it, but if I remember correctly the problem was that once a device is logged in the authentication token they get does not expire. Normal customer service can't do anything. If I remember right they eventually got someone in the Netflix fraud department that was able to force expire the tokens. I also vaguely remember them saying something about trying to cancel the account, but the attacker would just re-enable it, and it kept using their saved CC info for billing.

-Otanx

deanwebb

1. Remove CC info.
2. Cancel account.
3. Call a solicitor to sort things out as part of a class action suit.
4. Netflix gives you a new account, 6 months free, and an apology.
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Вопросы есть? Вопросов нет! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.

Dieselboy

OK so this just exposes flaws in netflix's systems... They're negligent in allowing fraud to continue to take place at cost. I told my friend previously that if netflix cant help to fix that, then they need to cancel and create a new account to resolve...

Not good Netflix. Protect your customers.