Alert Your Netflix Account Could Be at Risk of Being Hacked Heres How To Keep It Safe

Netflix is one of the world's most popular video streaming services and offers an array of TV shows, films and more for customers.

But it is no secret that many users of the service share their password with family, friends or significant others so they can indulge in Netflix's deluge of content.

However, UK firm Synamedia is determined to mitigate password sharing with a new service dubbed Credentials Sharing Insight that harnesses the power of artificial intelligence (AI) to detect behaviour associated with such an action.

Scam Message Claims To Be From Netflix

Synamedia showed off the new service at CES 2019, a technology show that takes place in Las Vegas every year, and explained it looks at various user behaviours to make its assertions.

The UK company claims by looking at variables such as where the streaming service is being used, the content watched, the device used to watch it and more it can calculate a probability of how likely it is a particular user is sharing their password.

Streaming services such as Netflix are able to pay for access to Synamedia's initiative that will grant them the data in question.

Don't Fall For This Scam Claiming Your Netflix Account Is Disabled

Discussing Synamedia's methods, Jean-Marc Racine, the CTO of the firm, told The Verge: “A typical pattern would be you have a subscriber that is simultaneously watching content on the East Coast and West Coast of the US.

Once data has been analysed, the streaming service can then decide the course of action for users believed to be sharing their passwords.

It is expected anything from sending an email alerting the user to more premium account models that allow more than one person to access the service to a complete account ban entirely are possible repercussions.

Netflix Warning: Your Account Could Be At Risk If You Share Netflix Passwords With Others

Although Synamedia has not declared which companies are currently trialling its new scheme, it already sells different services to the likes of Disney, Sky and AT&T.The author of the above article describes his experience receiving an email alert from Netflix warning about a potential compromise of his Netflix credentials. Not to spoil a good read, but a point of confusion the author makes is that Netflix advised their clients to do a password reset without any apparent security breach or other explanation.

There are a couple of hypotheses what might have happened and even more offered by readers in the article’s comments section. has worked with numerous companies on risk mitigation for prevention of account takeover attacks.

Based on that experience, I review what the Netflix warning message tells us about their methodology. I also provide insight into a better way for companies to analyze exactly which credentials have been compromised and communicate that effectively with their customers.

The End Of Netflix Password Sharing Is Nigh

Netflix is using leaked credentials from data breaches in other organizations. In an email sent to subscribers the first week of June, they said: “

We believe your Netflix account credentials may have been included in a recent release of email addresses and passwords from an older breach at another company

It seems there may have been a miscommunication between the Netflix Security Team detecting the leaked credentials and the PR & Customer Service teams. The core of the issue is that it is difficult to communicate the concept to users that Netflix hadn’t been breached, but hackers possess your Netflix credentials through hacking a different service.

Netflix's Stumble Could Be A Warning Sign For Streaming Industry

I suspect that Netflix didn’t do a comparison of the complete credential sets of the leaked credentials with those of the Netflix’s customers. Most probably they only performed a comparison of the email User Names. As a result, a large number of Netflix customers whose credentials were not at risk also received the warning message.

The more thorough and effective method, recommended by , is to compare the User Names and the Passwords between the compromised accounts and the accounts of the customers you are protecting. This produces a more accurate list of the impacted users.

The reason this is not the common practice is because is difficult to use Passwords in the comparison. Leaked credentials are usually hashed and in many cases encrypted. To perform the comparison, the company must crack the hash/decrypt the encryption and then hash/encrypt the outcome with the same method used for their users’ credentials.

About Apple Threat Notifications And Protecting Against State Sponsored Attacks

If Netflix did the comparison as described in #8, they could have sent emails only to the customers whose Netflix credentials completely matched with the leaked credentials. This would have avoided the confusion pointed out in the article.

The confusion is not as benign as it seems. It is, in fact, dangerous when a security alert message is confusing. A confusing message cannot be acted on and is frequently ignored.

Utilizes leaked credentials as part of our Penetration Testing Methodology. We are able to compare User Names and Passwords as recommended in this article. As a result, we have had great success using leaked credentials in our penetration testing assignments with our clients.

Netflix's Password Sharing Crackdown Has A Silver Lining

Serves as a trusted security advisor to the Global 500 and other progressive enterprises, helping to safeguard their most important assets and improve their overall security posture. We have domain expertise in several vertical industries. Our industry-specific methodologies and assessments are aligned with our core competencies:

Please enter a business email address to obtain proper delivery of the product. If you do not have a business email address or experience any issues during the registration process, please send an email to support@

Share :