Netflix account compromised
#1
Lost in BE Cyberspace
Thread Starter
Joined: Nov 2007
Location: Bay Area, CA / Scottsdale, AZ
Posts: 10,252
I originally posted this over on the 'gogglebox' thread in the Maple Leaf, but since I got a few responses, and I wanted to follow up, I'm creating this new thread here so as not to take that thread off-topic.
Originally posted - https://britishexpats.com/forum/mapl.../#post12861360
I just got an email from Netflix as follows:
"We noticed a new sign-in with your Netflix account (my account name)
Device: Web Browser
Location: Krasnoyarsk Krai, Russia
(may not match your exact location)"
Now, I don't use any VPN/etc, so there's no explanation for that location. My password is not exactly complex, but it's not easy either (non dictionary, upper/lower/numeric etc). Has anyone else had this experience and have a reasonable explanation for it? There are two quick possibilities that come to mind, and I'll pursue both ... just wondered if I'm missing anything ...
1) the password was guessed
2) the password was revealed through a hack of (e.g.) Netflix's own servers, or some other service where I use the same password. The Netflix password was one of the older passwords I set up a long time ago, and was shared back then with other ancient services, so a hack of 'some other' service would yield the same username/password that could be tried on Netflix.
It doesn't bother me that someone has hacked into my Netflix account as there's nothing there to 'steal', but - I AM worried about how they got the password!
=================
Sharkus' response: https://britishexpats.com/forum/mapl.../#post12861456
If the email and / or password has been used elsewhere in the past, it's possible there was a breach at one of those sites and that's where it came from. You could pop over here https://haveibeenpwned.com (it is a legitimate site) and enter your email and see what results come up.
To be honest, I'd err on the side of caution and change the password for Netflix. If you actively use any other sites where that email and password combo is set up, I'd probably change it there too. If Netflix has two-factor authentication (not sure if it does) then it would be worth turning that on at the same time.
I've been using a password manager for a while now and tend to generate random passwords for any new sites I use. Thus if one site does get hacked, that password would not get them into another site, which is handy, as it prevents the long slog of going through a bunch of sites and changing passwords on them.
===================
I went to the website given - https://haveibeenpwned.com/ and entered my username. Luckily, it showed as not having any issues. But then I put in my girlfriend's email address, and got several hits.
One was 'evite', another was LinkedIn, and another was verifications.io. Then there were 'lists' - Exploit.In, "Anti Public Combo List", and "Data Enrichment Exposure From PDL Customer".
I will certainly encourage her to change her passwords associated with her userid.
I'm still curious to know if there are any other possible sources of my Netflix 'incident'. One suggestion was that free VPN servers are often compromised, but I don't use any VPN service of any type.
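The password-reuse risk discussed in the post above (a breach at one service exposing the same username/password pair elsewhere), as an added example that is not part of the original thread: a short Python audit of a password-manager export that lists which accounts share a login pair and which need a new password once one site is known to be breached. The site names and credentials are constructed sample data, and the function names are illustrative.

```python
import hashlib
from collections import defaultdict

# Constructed sample export: (site, login, password). None of these are real.
VAULT = [
    ("netflix.example", "user@example.com", "Old-Shared-2009"),
    ("oldforum.example", "user@example.com", "Old-Shared-2009"),
    ("photos.example", "User@Example.com", "Old-Shared-2009"),
    ("bank.example", "user@example.com", "x7#Qm2!vLp9$"),
    # Same password but a different login: not the same pair as the rows above.
    ("shop.example", "other@example.com", "Old-Shared-2009"),
]


def pair_key(login, password):
    """Digest of the login/password pair, so plaintext never sits in the index."""
    material = f"{login.strip().lower()}\0{password}".encode("utf-8")
    return hashlib.sha256(material).hexdigest()


def reuse_groups(vault):
    """Return lists of sites that share one login/password pair."""
    groups = defaultdict(list)
    for site, login, password in vault:
        groups[pair_key(login, password)].append(site)
    return [sorted(sites) for sites in groups.values() if len(sites) > 1]


def exposed_by_breach(vault, breached_sites):
    """Sites that were not breached themselves but use a pair leaked by one that was."""
    breached = set(breached_sites)
    leaked = {pair_key(l, p) for s, l, p in vault if s in breached}
    return sorted(
        s for s, l, p in vault if s not in breached and pair_key(l, p) in leaked
    )


if __name__ == "__main__":
    for group in reuse_groups(VAULT):
        print("shared login pair:", ", ".join(group))
    # Assumption for the demo: oldforum.example is the service that was breached.
    for site in exposed_by_breach(VAULT, ["oldforum.example"]):
        print("change password at:", site)
```

With one unique password per site, `exposed_by_breach` returns an empty list for any single breach, which is the effect of the password-manager habit described in the quoted reply.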
#2

The possibilities are actually endless and complex. Malware, tracking cookies, sites where you have signed in using your GMail or Facebook accounts etc. etc.
The best thing you can do is change the password immediately anyway.
#3
Thread Starter
I'm an IT consultant and fairly aware of security issues, and I stay well away from dodgy sites (streaming video sites, porn, etc), and use a 'sandbox' browser if I need to visit anything 'unusual'. I also use '2FA' on my banking and Amazon sites. So I'm fairly 'safe'. I rarely log into FB, and never use my FB or gmail account as a login for any other site - I always opt for 'local' credentials. I'm not overly concerned about this but more curious as to how it happened.
#4

Most times it’s somebody else who has your email address or login details and it’s picked up by one of the methods I mentioned.
It also happens with mobile phone numbers, FaceTime and messaging accounts and Gmail quite a lot.
#5

I always make sure it's a legitimate email first, obviously don't click on any link in the email and go to Netflix and check your account activity to be sure someone else has logged in. If they have then make sure you use the 'sign out all devices' option before as well as changing the password. I imagine if it was compromised they didn't change the password because they don't want you to notice they're in there, that way they can just use your account for free, whereas if they change the password you'll either just reclaim your account or cancel the payment for it so they lose access regardless.
My credit checks tell me that my email account has been compromised as it's on the dark web and to change my password etc but the email address they list is just one of my forwarding addresses so there's no account or password to be compromised so I just ignore it.