Netflix under fire after accounts ‘reactivated’ without permission
Streaming giant Netflix has come under fire after users who cancelled their subscriptions months ago said their accounts had been reactivated without consent.
The unwitting customers fell victim to criminals who hacked into their dormant accounts and were able to reactivate them without knowing the user’s bank details, a BBC investigation revealed.
The streaming service’s platform is designed to make it easy for customers to rejoin, and so it holds their information – including billing details – for 10 months after a subscription ends.
However, this system appears to have left dormant accounts vulnerable to hackers.
Emily Keen, a customer in Oxford, cancelled her Netflix subscription in April this year, but found she had been charged £11.99 in September.
“I tried to log in to my account, but it said my email and password had not been recognised,” she said.
“It turns out the criminals had changed my login details completely and had signed me up for the most expensive service.”
Keen contacted Netflix customer services and was told her card would be blocked and she would be refunded.
However, Netflix then took two more payments in October and November and refunded her only in part, according to the report.
Further Netflix customers have taken to Twitter to complain of similar incidents, and a lucrative black market has opened up where criminals sell log-in details on sites such as eBay.
It comes after a similar breach was reported on newly launched streaming service Disney Plus. Thousands of customers were locked out of their accounts after scammers hacked in and put their subscriptions up for sale on the dark web.
A Netflix spokesperson said: “The safety of our members’ accounts is a top priority for us, and we are always working to improve this.
“We use a variety of measures to protect our members, notifying users to change their password when suspicious activity is detected, and when there is a sign-in to their account on a new device. If a member notices any unusual activity on their account, they should contact us immediately.”