Pirates are selling hundreds of stolen login details for popular over-the-top services on “dark web” marketplaces, according to new research by content-security firm Irdeto.
For the month of April 2018, Irdeto discovered 854 listings of OTT credentials from 69 unique sellers across more than 15 dark web marketplaces. The purloined usernames and passwords on sale were from 42 different streaming services including Netflix, HBO, DirecTV and Hulu.
It’s not clear if the stolen OTT account info illegally available for sale were legitimate, active accounts — or just scams from cybercriminals. (Irdeto did not say whether it tested the stolen credentials.) On dark web marketplaces, which are cloaked using secret access protocols, a wide range of illicit products, accounts and services are available for purchase, including account credentials for a range of pay-TV services.
RELATED: Notable data breaches in the US
Notable data breaches in the US
Notable data breaches in the US
Credit reporting company Equifax Inc. corporate offices are pictured in Atlanta, Georgia, U.S., September 8, 2017. REUTERS/Tami Chappell
LONDON, ENGLAND - AUGUST 19: A detail of the Ashley Madison website on August 19, 2015 in London, England. Hackers who stole customer information from the cheating site AshleyMadison.com dumped 9.7 gigabytes of data to the dark web on Tuesday fulfilling a threat to release sensitive information including account details, log-ins and credit card details, if Avid Life Media, the owner of the website didn't take Ashley Madison.com offline permanently. (Photo by Carl Court/Getty Images)
Katherine Archuleta, director of the U.S. Office of Personnel Management (OPM), speaks during a House Oversight and Government Reform Committee hearing on the OPM data breach in Washington, D.C., U.S., on Wednesday, June 24, 2015. U.S. senators said yesterday they doubt the government's personnel office understands the breadth of a computer hack that exposed the records of more than 4 million federal workers, or that the agency can stop another breach. Photographer: Andrew Harrer/Bloomberg via Getty Images
WASHINGTON, DC - JUNE 05: The entrance to the Theodore Roosevelt Federal Building that houses the Office of Personnel Management headquarters is shown June 5, 2015 in Washington, DC. U.S. investigators have said that at least four million current and former federal employees might have had their personal information stolen by Chinese hackers. (Photo by Mark Wilson/Getty Images)
SCHAUMBURG, IL - AUGUST 04: A statue of a horse stands at the entrance to a P.F. Chang's restaurant on August 4, 2014 in Schaumburg, Illinois. P.F. Chang's China Bistro Ltd. said today that the company experienced a data breach involving customers' credit and debit card information which affected 33 restaurants in 16 states, including the Schaumburg, Illinois location. (Photo by Scott Olson/Getty Images)
PORTLAND, ME - AUGUST 15: Shaws on Congress Street on Friday, July 15, 2014. Shaws parent company is investigating a possible data breach. (Photo by Logan Werlinger/Portland Press Herald via Getty Images)
COLMA, CA - APRIL 18: Customers enter a Michaels art and crafts store on April 18, 2014 in Colma, California. Michaels, the largest arts and crafts chain in the U.S., announced that an estimated 2.6 million cards used at its stores across the country may have been affected by a security breach. Aaron Brothers, a subsidiary of Michaels, was also affected by the breach. (Photo by Justin Sullivan/Getty Images)
CORAL GABLES, FL - FEBRUARY 28: A checkout keypad is seen at a Sears store on February 28, 2014 in Coral Gables, Florida.
According to reports the U.S. Secret Service is investigating a possible digital attack at Sears Holdings Corp. (Photo by Joe Raedle/Getty Images)
A couple of shoppers leave a Target store on a rainy afternoon in Alhambra, California on December19, 2013, as the US retail giant said some 40 million customers may have had bank card data compromised by hackers who broke into its database as holiday shopping got underway. Target said there had been 'unauthorized access' to its payment system in US stores affecting credit and debit cards with approximately 40 million credit and debit cards possibly affected by the breach between November 27 and December 15, the company said in a statement. AFP PHOTO / Frederic J. Brown (Photo credit should read FREDERIC J. BROWN/AFP/Getty Images)
Discover More Like This
BACK TO SLIDE
Of course, Irdeto has an interest in publicizing piracy and other illicit activities — in order to sell media and entertainment customers on its content security and monitoring solutions and services. The Amsterdam-based company is a subsidiary of media group Naspers.
In the past, execs at streaming-subscription companies have downplayed the problem associated with password-sharing for their services. In fact, Netflix, for example, has made account-sharing among multiple users into a revenue opportunity: In the U.S. the company’s $13.99-per-month Premium plan offers access to up to four simultaneous streams, compared with two for the standard $11.99 monthly tier.
The findings of the sale of OTT login credentials is part of Irdeto’s Global Consumer Piracy Threat Report 2018.
The vendor also found that illegal live-streaming piracy is a global problem, with an average of 74 million global visits per month to the top 10 live-streaming sites in Q1 2018. Most traffic came from the U.S. (2.93 million average monthly visits), the U.K. (1.71 million) and Germany (1,52 million). The company cited a report about a British man who received an £85,000 ($108,500) bill from Sky after a friend illegally streamed a championship boxing match on Facebook Live using his subscription.
In addition, Irdeto found numerous ads for “fully loaded” illegal streaming set-top boxes on ecommerce sites including eBay. The company said that year-to-date in 2018, it has worked to remove nearly 7,000 ads for such illicit set-tops across 60 services.
“Content theft by pirates has become a full-fledged criminal enterprise, with some providing illegal subscriptions in an attempt to compete with established pay-TV operators,” said Mark Mulready, Irdeto’s VP of cybersecurity services.
In releasing the report’s findings Monday, Irdeto advised consumers to be vigilant of any unusual or unfamiliar activity on their account and recommend changing passwords regularly.