Jul 22, 2019
The following is based on a true story.
Your microwaved popcorn is ready. The big report you were working on for the last two weeks, was submitted two days before its due date. Time for a relaxing night at home, binging, in-front of your small-screen. You browse to your favorite series, hit the play button, and then you get this message: Your account is in use by other devices.
You are paying to watch from two devices concurrently, and as far as you know, you are the only one using this video service.
So why is this happening?
There are a few options to explain what’s going on.
The Ex-girlfriend syndrome
You text your kid in college, checking if he’s using the extra streams.
“I gave my password to my girlfriend… who is now my ex. She may be using this.”
And there’s more.
“I recall watching a movie together with a couple of friends on one of their XBOX consoles, and never logging out.”
This is by no means an uncommon scenario. In fact, about 55% of those who are using popular video services do so on someone else’s username and password. Often, they are watching without the account owner’s knowledge.
It’s not about malice. With credentials being so easy to spread, sharing has become a social norm, especially among millennials and Gen-Z. Once they are out there, you lose control.
And it has a direct impact on you because you are paying for a service that you cannot always enjoy.
But this kind of username and password sharing is just the tip of the iceberg.
Personal data breach
Since the beginning of this year, nearly three billion combinations of usernames and passwords were breached, according to Forbes. Databases of popular websites such as Facebook, Bell Canada, British Airways, and more were hacked. As a result, millions of users’ details were leaked and listed ‘for sale’ on different hacking forums.
Who uses shared password details and why?
The potential buyers are hackers who will then try to perform credentials stuffing attacks. They use account checkers—a service that tries to access different sites with stolen credentials, until a match is found—for different popular services, including your favorite video app. If they get a match, they may put your credentials on marketplaces. For half the price, they are ready to provide their buyers with working combinations of usernames and passwords.
If this is what happened to your credentials, then your digital identity could be at risk, and it may come-down to more than just not being able to watch your favorite shows. Social engineering attacks, such as pretexting are also popular. This is where attackers create a fabricated scenario, using partial details of a known victim, in order to steal more personal information from them. Your personal data, accessible from your video account, is a perfect starting point.
So, how can you tackle password sharing?
Firstly, protect your digital identity and keep it safe. Use two-factor authentication and employ long passwords that do not appear in common dictionaries.
Finally, you no doubt want to keep enjoying your favorite shows without disturbance. Sharing also messes up your video user experience as your recently viewed list is not updated, and you get less relevant recommendations. So, educate your family not to share video accounts outside your household. And if you are still experiencing problem, consider upgrading to a level of service that supports your actual needs.
What about businesses?
Protecting your personal credentials is one thing. But credentials sharing can also have a huge impact on businesses, particularly those providing online video services. The good news is that there are strategies they can employ to turn such threats into revenue opportunities. To learn more, read our tackling credential sharing analysis.
Short Bio of Author
Orly Amsalem is Product Manager, Video Security at Synamedia. Responsible for Synamedia’s anti-piracy and security portfolio, she has 15 years’ experience in developing and analyzing information systems, business intelligence, data architecture, machine learning and end-to-end solutions for enterprises and startups. Previously, Orly was a data scientist at Cisco.