Netflix security

Dieselboy · March 24, 2020, 08:04:37 PM

My friend in England had his netflix account taken over (email and password changed) and he couldnt sort it right away because he doesnt have a computer.

They got it sorted yesterday but within 2 hours it was taken over again. Netflix said to him that they cannot force logout the attackers whom are logged in - I said that's ridiculous.

He's not really techy but I said to him "how can they still have access to your account when your password was changed". The only devices they (he and his partner) have are the phones and TV dongle that runs netflix for the TV. I have a feeling one of those devices have some bad software on it and it's scraping the password.

Otanx · March 25, 2020, 09:49:13 AM

I heard this from someone before. I don't remember where I read it, but if I remember correctly the problem was that once a device is logged in the authentication token they get does not expire. Normal customer service can't do anything. If I remember right they eventually got someone in the Netflix fraud department that was able to force expire the tokens. I also vaguely remember them saying something about trying to cancel the account, but the attacker would just re-enable it, and it kept using their saved CC info for billing.

-Otanx

deanwebb · March 25, 2020, 11:19:52 AM

1. Remove CC info.
2. Cancel account.
3. Call a solicitor to sort things out as part of a class action suit.
4. Netflix gives you a new account, 6 months free, and an apology.

Dieselboy · March 25, 2020, 09:40:55 PM

OK so this just exposes flaws in netflix's systems... They're negligent in allowing fraud to continue to take place at cost. I told my friend previously that if netflix cant help to fix that, then they need to cancel and create a new account to resolve...

Not good Netflix. Protect your customers.

Netflix security

Dieselboy

Otanx

deanwebb

Dieselboy