Game of Threats: The Rising Tide of Cyberattacks on the Video Streaming Industry

Posted August 7, 2017

Game of Threats: The Rising Tide of Cyberattacks on the Video Streaming Industry

Sharing is caring – at least when it comes to helping those less fortunate. But, when it comes to streaming video services, a more apt phrase would be…sharing is troublesome.

While sharing login credentials for streaming video services, such as HBO Go, may seem like a harmless way to let your family and friends catch up on their favorite shows, it is creating even more opportunities for cybercriminals to steal login credentials. That’s when they’re not trying to steal content directly from HBO’s servers.

With popular HBO show Game of Thrones back for its seventh season, it’s becoming a running joke about just how much of the show’s viewership is watching for free, thanks to login credentials being shared among family and friends.

All of those unpaid subscriptions are starting to add up. Credential sharing for access to streaming services, such as Netflix, HBO Go, Hulu, Amazon and others, resulted in as much as $500 million in lost potential revenue back in 2015—and could top $650 million this year.

But with billions of personal credentials of all kinds stolen and available on the dark web, login theft is accelerating faster than ever.

Netflix (HBO, Hulu, Amazon) and Chill

A Reuters/Ipsos poll found that 12 percent of streaming viewers had used someone else’s login credentials to access streaming services in the past 30 days. That figure jumps to 21 percent for people between the ages of 18 and 24. For Netflix alone, those using somebody else’s credentials could top 25 percent of all viewers.

Never mind that it’s technically a federal crime to use shared passwords for these services. But, so far at least, the streaming companies have been relatively nonchalant about the issue.

While shared passwords may have worked to get people hooked on a new golden age of episodic video content, it now runs the risk of bringing unwelcome drama (or even horror) to the industry.

Streaming Out Loud

While credential sharing runs rampant, all of these services are suddenly facing a bevy of threats to themselves and their customers.

  • Netflix customers in the UK were the subject of a phishing attack this summer, where fraudsters sent fake emails asking customers to confirm their login and payment information.
  • Fraudsters from loners to global crime rings also capitalize on free trials, leveraging stolen identity and payment information from other sources to open new streaming accounts. They then resell the free account at low prices to up to four buyers.
  • Successful logins to existing accounts give hackers access to customers’ financial information. On some services, it could even give cybercriminals the ability to place direct purchases. And the proclivity of consumers to reuse the same password for different accounts — such as using the same password for their Amazon Prime and bank accounts — can make streaming credentials valuable to those piecing together personal identity information for far larger crimes.
  • On July 31, a cyberattack against HBO resulted in the theft of intellectual property related to Game of Thrones and other shows, including some upcoming episodes.

Digital Identity: Dialing Up Security

Getting a handle on shared and stolen credentials is no small feat. Traditional security systems that rely on usernames and passwords are unable to differentiate between legitimate users and fraudsters with valid credentials.

To accomplish that level of visibility, Netflix and a growing number of other streaming services are gravitating to digital identity-based user authentication, which goes beyond static login credentials to include hundreds of different, dynamic data elements that can’t be faked, stolen, or misused.

Using real-time data spanning millions of daily transactions across tens of thousands of websites around the world, these solutions provide a clear view of users based on more than their names, devices, and credentials.

Instead, they continuously assess user personas, behaviors and intent, and cross-reference this data with anonymized, crowdsourced global threat intelligence. Legitimate users get an effortless, frictionless experience, while fraudsters get blocked from ever gaining access.

View to a Thrill

According to media companies that have deployed them, digital identity-based systems can help reclaim lost revenue and provide far better security. Netflix, for example, reports that digital identity-based authentication has helped it dramatically reduce fraud losses from free-trial scams and non-payment on fraudulent credit card usage.

Still, with stolen user credentials helping fuel the adoption of their services, will digital identity systems give streaming companies the ability to get a grip on fraud without slowing down growth? With Game of Thrones shattering viewing records and big fall premieres just around the corner, the entire industry is staying tuned to find out.

Alisdair Faulkner

Alisdair Faulkner

Chief Products Officer, ThreatMetrix

close btn