Who’s Watching? ‘Hijacked’ Netflix Accounts Reveal Weak PH Cybersecurity Laws

Editor’s note: This article was written for the Journalism 102 class under lecturer Karol Ilagan of the University of the Philippines’ College of Mass Communication. It originally appeared on Tinig ng Plaridel and is republished with permission from the authors.

Netflix user Olessia Guintu has been unable to keep up with the expensive monthly fee for the entertainment platform. When she found out an online user was selling Netflix accounts for P130 every three months, she inquired.

What Guintu thought was a sweet deal turned out to be dubious after she was given faulty user credentials that prevented her from watching. Though the reseller accommodated her concerns at first, she no longer heard from them the week after. She never got around to restoring the faulty account, much less getting a P130 refund.

Guintu’s story is not the first of its kind, however. Online shops marketing cheaper premium accounts for entertainment platforms and educational resources are not new.

Since lockdown, many have rushed to avail of online content they can enjoy at home. Because of the heightened demand for these platforms, a black market for premium accounts has risen, and with it, a surge of threats to data privacy and consumer protection.

What you need to know

Some online sellers of premium accounts such as Netflix, Spotify and YouTube Premium have resorted to using dubious and illegal methods like password sharing, credit card phishing and user credentials theft.

Both old and new users are enticed to avail of these accounts due to cheaper costs and an easier subscription process, sounding the alarm for customer security and privacy.

Existing policies such as the E-Commerce Act and the Cybercrime Prevention Act are either lacking or not enforced properly, leaving cyberspace even more vulnerable to threats and attacks.

Netflix

Netflix accounts are among the most frequently sold in this premium account market. Even before the pandemic, many Filipinos already used the video streaming website. Media analyst group Media Partners Asia (MPA) reported in January 2020 that viewers in select countries in Southeast Asia watch Netflix for 36.4 billion minutes a week.

But the prolonged stay-at-home orders strengthened the presence of the streaming platform, with viewers staying 60% longer on Netflix, according to an April 2020 follow-up report by MPA. This bumps the weekly watchtime to 58 billion minutes.

Winthrop Yu, chairman of the Philippine chapter of global nonprofit organization Internet Society, saw the direct impact of the lockdown measures on Netflix viewership.

“Up to now, movies, the cinemas, are still not allowed. People were moving there because they could get their movies online,” Yu said. “Netflix is the most popular because it is well known.”

Netflix’s website lists four unique plans that customers can avail of. The cheapest one costs P149 per month, where the user can watch and download movies on only one mobile device. The standard plan, the company’s most popular plan in the US, costs P459 in the country. Customers can watch and download simultaneously on two devices in high definition.

Netflix, which boasts award-winning originals and shows, also distributes Filipino-favorite Korean drama series like “Start-Up” and “Crash Landing on You.” The studded catalog on the platform pulls in high demand, with one account able to unlock thousands of titles.

But users have found different ways to subscribe to Netflix for less than the market price. Some of them were found to be illegal, with customers resorting to the hidden market to get the same quality streaming for a lower cost. 

Password sharing

Aldrian Arceo has been using a shared Netflix account with his cousins since 2016. His aunt bought the subscription, but since she could not maximize the streaming service, she shared her login credentials with them. 

“It seems the fee was more expensive before. [My aunt] didn’t want her monthly plan to go to waste so … we cousins each [got one] of the five profiles,” Arceo said.

Back then, “Basic” — the cheapest subscription plan — cost P370 a month. It allowed up to five user profiles but limited simultaneous watching and downloading to one device at a time. 

Arceo and his cousins would coordinate with each other who gets to watch or download at a certain time to have an uninterrupted streaming experience.

“We just split the monthly payment to our aunt because it really is cheaper,” Arceo said. “So far, it’s been okay. We have never been unable to watch because we were all using it at the same time.”

Unlike Arceo, however, some use password sharing for business purposes. Netflix resellers set up accounts that they will later sell to various customers.

Gabrielle Galvez got her Netflix account from an online reseller she found at a university online forum. She split the account with two friends, who pitched in for the payment too.

“It’s good for two years, so we think it’s really worth it. The three of us paid only P500 each,” she said.

Galvez initially thought that only she and her friends had access to the hand-me-down Netflix account, but she found out that other strangers were also using the same account.

“Apparently, it turns out we were all just sharing a single profile. So that’s why it was so cheap. We just let it be because, of course, that still saves money,” Galvez said.

Sometimes, when too many people share the user credentials and use her Netflix account, errors pop up on the platform.

Drew Santiago, who also availed of a shared Netflix account with other users, noted that the credentials given to them were “strange.”

“Usually odd stuff like ‘aloneh0lmes,’ ‘eastermessy,’ just combinations of words. It really is easy money, especially for scammers,” she said.

Santiago was previously scammed by another seller, but she was unable to act on it since the transaction was “online.”

The same thing happened to JV Bernardo, another customer who experienced glitches with his premium Netflix account from a reseller. 

“The account was okay at first, I was able to watch properly. [But] a few days into my watching, the account suddenly stopped working,” Bernardo said.

For the whole month of his purchase, Bernardo was not able to watch Netflix. He was then given another set of Netflix credentials by the reseller.

“It was only in December that I got to use the account again. This set [of] username and password is new again. [Then] I was also told that changing the password is not allowed,” he added.

To date, Netflix has been tolerant of password sharing between audiences. Top executives of the streaming platform are aware that instances like these happen, but they do not expect much to change.

“We could crack down on it but you wouldn’t suddenly turn all those folks to paid users,” Netflix Chief Financial Officer David Wells said in a 2016 conference. 

‘Hijacked’

Password sharing isn’t always the case, as some viewers watch Netflix content through illegally-owned accounts.

They get these accounts through online sellers who market these subscriptions on Facebook, Twitter and Instagram. They can give their buyers access to Netflix’s wide array of content for less than the market price.

How do they do it? One way is by linking customers to pre-existing Netflix accounts using set user credentials. Without the consent of the original user, people can binge-watch for a fraction of the price. 

Through phishing mechanisms, hackers on the dark web have a large catalog of Netflix credentials at their disposal. These phishing schemes are common tales, Information Technology Consultant Lito Averia said.

“I heard a lot of stories, and I’m pretty sure you would find Netflix accounts, Spotify accounts or similar services available,” Averia said. “They are the ones that have been hijacked. When I say ‘hijacked,’ there might be an existing Netflix account that has been breached.” 

This catalog of credentials grows through different schemes that trick unsuspecting users into giving away their usernames and passwords.

A common method is that hackers introduce a link to a Netflix-like webpage asking for the account holder’s username, password and sometimes credit card details. 

“The account holder receives an email from what appears to be a legitimate administrator of Netflix asking them to update their account,” Averia said.

Once logged in, hackers use unsuspecting users’ Netflix credentials and sell them without the account holder’s knowledge. This pumps life into the black market for free and low-cost Netflix accounts.

This form of leeching has taken its toll on the security of Netflix users. As targeted users do not consent to sharing their credentials with random strangers, they unwillingly pay for others freeloading on their account.

Jolo Esmatao, who shares his legally-paid Netflix account with his family, found out that it was not just them watching. 

“[It turns out] someone [accessed it] from Cebu, Nueva Ecija, Iloilo. … Who is that? I only saw it now,” he said.

Photo by John-Mark Smith from Pexels

Dark web 

But sometimes, hackers do not only obtain these accounts by phishing. 

According to a 2016 article by The Atlantic, resellers of cheap Netflix accounts go to the dark web, a part of the Internet that caters to illegal business transactions and is nearly impossible to track down.

Hackers exploit the vulnerabilities they find in a certain system or server then introduce malware to infiltrate the server’s database, Averia explained.

These hackers also leave a backdoor in the corrupted system for easier access in case they need to reenter, making the cycle of illegally acquiring Netflix accounts not only possible, but easier.

Lea*, who availed of a P40 solo Netflix account through an Instagram reseller, said that hackers also sell tutorial services to teach people how to infiltrate the system.

“I saw some shops offering tutorials, like how to create Netflix accounts, which you can then sell. But I think the tutorials cost around P400,” she said.

Resellers

Still, resellers do not need to know the actual process of ‘hijacking’ accounts to engage in the business. 

Tricia*, a junior high school student who started reselling accounts last August, said that she only posts products on social media to look for buyers while her “supplier is in charge of everything else.” 

“What happens is I’m like a regular customer of the supplier. When someone buys, I get an account from them and then I pay for it. They are the direct maker, then they pass it on to me,” she added.

Tricia gets a steady stream of customers, mostly students, because the accounts she offers no longer require credit card details upon sign-up. She added that many users, both first-time and old, are enticed to avail of her accounts.  

She admitted that her online reselling gig helped finance her studies and allowance after her family struggled for income while in lockdown. 

The huge demand allows her to earn around P700 to P1000 a day, just from selling Netflix accounts alone. Her earnings skyrocket to P2,000 when the profit from other premium accounts on Spotify, Adobe Creative Cloud, Canva and popular gaming software like Mobile Legends are included.

Aside from selling accounts themselves, resellers can also look for other resellers and profit from their incomes through a commission basis. Tricia said the absence of a reselling fee and quota makes it easier for resellers to come and go as they please. 

When asked about potential security breaches that underpin this business, Tricia admitted that she was aware of illegally-created accounts. But her supplier assured her that the ones she sells are sourced “directly from the Netflix website in good faith” using gift cards purchased from Coda Shop — an online top-up site partnered with Netflix.

These gift cards function like debit cards. Resellers would create an account using these cards and sell profile slots at a cheaper price, similar to how relatives and friends typically share their Netflix accounts.

“Most [of] what is being sold really are hacked accounts. But not all are [like that],” she said. “Buying accounts from resellers isn’t bad, as long as you make sure they are legally paid for directly with Netflix.”

Photo by Soumil Kumar from Pexels

Policies 

In a recent report by the National Computer Emergency Response Team (CERT-PH), 900 cybercrime-related incidents were reported from January to July 2020. Out of the list, 11.3% was “social media hacking” and 7.9% was phishing through the web.

CERT-PH is a division of the Department of Information and Communications Technology (DICT) tasked to monitor cybersecurity breaches.

The National Bureau of Investigation (NBI) said in July 2020 that reports of phishing cases have increased by more than 200%.

NBI-Cybercrime Division Senior Agent Francis Señora said that before the pandemic, the Division only had around 30 phishing cases, but only three weeks into the pandemic, they saw an additional 70 cases.

Señora explained that as people are more glued to their devices during quarantine, it has become an “opportunity for attack.”

DICT earlier warned netizens in April that online scams could threaten personal data and credit card information. 

The Facebook post, which only warned against bank account phishing, did not mention online sellers who market premium accounts.

A report written by Gilbert Sosa, previous Chief of the Anti-Transnational Crime Division of the Philippine National Police, bared that there is a lack of national policies watching over cybercrime in the Philippines.

“The most important cyber-security legislation in the country, which is Republic Act 8792 or the E-Commerce Act, only penalizes hacking, cracking and piracy. It does not provide penalties for other cybercrimes such as cyber-fraud and similar offences,” he wrote.

Law enforcement remains one of the major roadblocks of a safe cyber landscape. Sosa said that most law enforcers do not have the proper training on cybercrime skills, such as computer forensics, investigation and handling of digital evidence.

What’s next?

“There is so much to be done in terms of cybersecurity,” Averia said. “The Internet, the cyberspace, it’s here to stay. It is being normalized as a space where we move. [The pandemic] simply accelerated the adoption of the cyberspace as an alternative platform.”

Despite her unfortunate experience with an online transaction, Santiago believes things might change in the future.

“There is a chance [for stricter cybersecurity]. Since, as mentioned, the regulation of online shops [was] already discussed before. Although the stringent policies for premium [account] businesses will probably still take a while,” she said.

Meanwhile, Bernardo says the government is unlikely to do something about these cases unless “consumers become more dependent” on streaming platforms such as Netflix. 

The market for reselling Netflix accounts is growing, but Bernardo thinks that it is not here to stay. 

“Besides, the resellers’ service isn’t stable since it’s always acting up, so this kind of business might die down anytime soon,” he added.

*The names of the interviewees have been changed at their request. 

The writers contacted Netflix Philippines for comment, but there has been no response as of press time.

About the Authors

Regina Adolfo, Rhenzel Caling and Renz Palalimpa are students of Journalism in the University of the Philippines.
