Man Arrested For Selling One Million Netflix, Spotify, Hulu Passwords

Police in Australia have arrested a man who allegedly made AU $300,000 (US $211,000) running a website which sold the account passwords of popular online subscription services including Netflix, Spotify, Hulu, PSN, and Origin. From a report: The 21-year-old man was arrested on Tuesday in Sydney, Australia, following an international investigation by the FBI and the Australian Federal Police into the website Wicked Gen. The Wicked Gen website bragged that it had over 120,000 users and almost one million sets of account details, offering monthly and yearly membership plans for those who wanted "access to thousands of premium accounts across a huge range of services." The account passwords, however, were not obtained via legitimate means. Instead the details were typically obtained through credential stuffing using swathes of usernames and passwords leaked through other data breaches, without the knowledge of their genuine owners.

Dam..

[blackt0wer]

Now I can no longer stream.

Re:Now I can Finally

[wolfheart111]

Stream... that was you eh...

Re:

[Lord Kano]

What does R. Kelly have to do with this?

Re:Huh

[wolfheart111]

nothing... u lost me.... :|

"Credential Stuffing"

[godel_56]

So basically people reusing the same login and password across different web sites.

tl;dr Use a password manager.

Re:

[vinn01]

"Credential Stuffing" has got to be one of the worst descriptive tech terms. Just say "Password Reuse".

It's not much of a hack to find a password and see what other websites the same password works on. Given that every fricken website uses email address for a username, once you have a email/password pair, you know the same pair is probably going to work elsewhere.

How Were The Real Victims

[rtb61]

Kind of interesting story when you try to figure out who the real victims were, far more complex than it might seem at first. So the people who bought those usernames and passwords, well they were naughty people and knew full well what they were doing and yet in reality, once the actual holder of the username password finds out, they alter the account and the person who bought it has nothing, they can not lock the real user out because they will simply stop paying, so they knowing buyer is defrauded because

Re:

[Mr. Dollar Ton]

Man, the Tom Clancy books are fiction. Bad, bad fiction. Get a real life, stop worrying about things that ain't gonna happen.

Re:

[Hognoxious]

So the people who bought those usernames and passwords, well they were naughty people and knew full well what they were doing and yet in reality, once the actual holder of the username password finds out, they alter the account and the person who bought it has nothing, they can not lock the real user out because they will simply stop paying, so they knowing buyer is defrauded because they buy nothing, over the medium term.

If the Energizer bunny was a sentence it would be this one.

Re:

[KingMotley]

This isn't a civil offense in the US. I am not a lawyer, but I suspect the following applies: 18 U.S. Code 1030(a)(5)(A) and 18 U.S. Code 1030(a)(6)(A): https://www.law.cornell.edu/us... [cornell.edu]

Any takers?

[Plus1Entropy]

I bet he gets more jail time than Manafort. The system is fucking broken.

Clearnet?!

[Denis Goddard]

So wait. This guy set up his site for selling stolen credentials on the CLEARNET? Did he accept payment in PayPal as well? What an idiot. Doesnâ(TM)t he know, situations like this are why God invented the darknet?