Hackers Exploit Netflix’s Cancelled Account Loophole

Hackers Exploit Netflix’s Cancelled Account Loophole

Netflix customers who cancelled their accounts months previously have found themselves mysteriously reactivating subscriptions and paying for the wall of content once more, thanks to criminals hacking their access credentials and using Netflix’s love of holding on to payment data to their advantage.

The problem here is that Netflix makes it very easy to reactivate a cancelled account by holding on to a user’s payment details for 10 months after the deactivation of a subscription. You know, in case some other zeitgeist documentary needs watching in order to keep yourself in touch with the mood of the nation. Maybe that murderer guy is being given another free ride?

So of course, if account access details are obtained through shady methods within 10 months of cancellation, the hacker may reactivate an account using saved payment methods and perhaps change the user account access passwords to lock out the original holder to boot, getting themselves entirely free Netflix access for as long as it takes for the victim to spot the return of the direct debit.

Netflix generously says if this happens all you have to do is notice, then email it and it’ll close the account; not much use if you’ve been paying for some random to enjoy all the HD streams for the last six months, though. [BBC]

This post originally appeared on Gizmodo UK, which is gobbling up the news in a different timezone.