Aussie police, in partnership with the FBI’s men in black, have nabbed a 21 year-old cybercrime entrepreneur who had amassed almost one million sets of account detail for popular online services like Netflix, Spotify, Hulu and the PlayStation Network.
He was selling monthly and yearly membership plans for those who wanted to access these accounts were on the WickedGen.com website which has now been taken offline.
The cops said the culprit created and ran the WickedGen website and allegedly made AU $300,000 (US $211,000) from selling hacked personal information.
Interestingly the miscreant didn’t steal the information himself. Rather he seemingly acquired the information from other hacks.
- The account information was obtained through credential stuffing. This is the process of gaining unauthorized access to user accounts through large-scale automated login requests directed against a web application, for example, a Netflix login.
- The attacker automates the logins for thousands to millions of previously discovered stolen passwords/email addresses using standard web automation tools designed specifically for these types of attacks.
- As a result the attacker simply needed to collect the passwords/email addresses that registered a hit for the online services and put them up for sale.
A spokesman for the Australian police said: “Individuals in Australia have had their personal data stolen for the sake of individual greed. These types of offences can often be a precursor to more insidious forms of data theft and manipulation, which can have greater consequences for the victims involved.”
But of course these stolen details didn’t necessarily come from Australia alone; they were probably stolen from people all over the world including Europe and the US.
- To help protect your online accounts ensure that you always use hard-to-guess, hard-to-crack passwords, and that you never reuse the same password in more than one place.
- Whenever possible, enable two-factor authentication for an additional layer of security.
Also consider BullGuard Premium Protection
. Alongside award-winning antimalware it also provides comprehensive ID protection. You can safeguard all your personal data, including online ID credentials for services like Hulu and Netflix. If your information appears online you receive an immediate alert allowing you to take protective steps.