An Oregon man who is said to have stolen and resold customers’ credentials against Netflix and other streaming services has been charged with fraud charges, The U.S. law firm announced.
The allegation is that Samuel Joyner and Evan McMahon stole and sold more than 200,000 customer account credentials to streaming services such as Netflix, HBO Max and Spotify Premium as part of an online service called AccountBot. Site users paid a subscription fee to receive other people’s login information for paid streaming services at a lower cost than the services charged.
In March 2019, the service allegedly had approximately 52,000 customers and provided more than 217,000 stolen streaming account credentials.
AccountBot claimed to have obtained this login information through hacking. The prosecution alleges that both men used credentials – essentially taking login credentials for public violations and re-using the credentials on other sites. Such attacks often work because people reuse the same passwords and usernames on many sites. Joyner and McMahon used an automated tool to verify stolen credentials.
AccountBot customers paid $ 1.79 to $ 24.99 for the use of stolen credentials, depending on how long and what service they wanted to use. According to the DOJ, McMahon managed the payments and coded the AccountBot website, while Joyner obtained the stolen proxies and handled AccountBot customer service.
Netflix and other streaming services are dealt with various password theft systems and other scams for years. Netflix announced earlier this year it tried to combat password sharing among its customers; even if you only share account access with people you know, the more people there are, the greater the chances of data being compromised. According to an analysis by the research firm Parks Associates, password copying and sharing cost streaming services such as Netflix, Hulu and Disney Plus for $ 9 billion a year.
McMahon was charged with similar crimes in the New South Wales District Court in Sydney, according to the DOJ, and sentenced last month to two years and two months intensive repair sequence.
Joyner is charged with conspiracy to commit computer and hardware fraud, smuggling and use of unauthorized access devices, and possession of more than 15 unauthorized access devices. The FBI arrested him on Wednesday and pleaded not guilty to a U.S. judge. He is due to be indicted on July 13th.
Computer fraud and access device fraud is punishable by up to five years in a federal prison. The smuggling and use of unauthorized access devices and the possession of 15 or more unauthorized access devices is punishable by up to 10 years in a federal prison.