Netflix, Spotify and EA are among the most hacked online accounts - here’s how to protect yourself

Thursday, 13th June 2019, 8:52 am
Updated Thursday, 13th June 2019, 10:52 am

With high-profile online data breaches becoming increasingly common, security when using the internet is a significant concern among web users today.

And while you may feel inclined to trust the larger digital brands to spend more on ensuring that their users are safe, this is not always the case.

An investigation by internet security experts DynaRisk has found that some of the world’s biggest online brands are among the accounts most commonly hacked by cyber criminals. Among those most often accessed illegally are Netflix, Spotify and EA, according to the report.

Six hundred different brands were investigated by DynaRisk, which found that gaming, streaming and pornography sites were some of the most targeted by hijackers.

Other sites that frequently fell victim to security breaches include retail giant Amazon, Facebook and the Xbox and Sony entertainment websites.

The most targeted websites

1. Riotgames.com
2. Netflix
3. Spotify.com
4. Origin.com
5. EA.com
6. Sonyentertainmentnetwork.com
7. Live.com
8. Crackingcore.com
9. Realitykings.com
10. Xbox.com
11. Amazon.com
12. Adobe.com
13. Wwe.com
14. Steampowered.com
15. Deezer.com
16. Facebook.com
17. Beatsmusic.com
18. Yahoo.com
19. Rapidgator.net
20. Hitleap.com

Why are these sites targeted?

The result of huge caches of stolen data being made available is often account takeover (ATO) - where hackers will attempt to log into legitimate user accounts using username and password combinations obtained from data breaches. Hackers will target bigger brands to not only steal valuable information, but also to demonstrate their skills to peers within the criminal community.

There are also monetary benefits. Netflix and Spotify are the perfect target for criminals who can resell stolen credentials to willing customers who want an account at a fraction of the retail cost.
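For the services on the receiving end, the account takeover pattern described above leaves a recognisable trace in login records: one source trying many different usernames, with most attempts failing. The Python sketch below is an added example, not part of the DynaRisk report or any brand's own tooling; the log format, thresholds and sample entries are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample log; the line format is an assumption for this example.
SAMPLE_LOG = """\
2019-06-13T08:52:01Z ip=203.0.113.7 user=alice result=FAIL
2019-06-13T08:52:02Z ip=203.0.113.7 user=bob result=FAIL
2019-06-13T08:52:02Z ip=198.51.100.20 user=grace result=FAIL
2019-06-13T08:52:03Z ip=203.0.113.7 user=carol result=FAIL
2019-06-13T08:52:04Z ip=203.0.113.7 user=dave result=OK
2019-06-13T08:52:05Z ip=203.0.113.7 user=erin result=FAIL
2019-06-13T08:52:06Z ip=203.0.113.7 user=frank result=FAIL
2019-06-13T08:52:09Z ip=198.51.100.20 user=grace result=FAIL
2019-06-13T08:52:15Z ip=198.51.100.20 user=grace result=OK
2019-06-13T08:53:00Z ip=192.0.2.44 user=heidi result=OK
""".splitlines()

LINE_RE = re.compile(r"^\S+ ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$")


def parse(lines):
    """Yield (ip, user, succeeded) for each well-formed line; skip the rest."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            yield m["ip"], m["user"], m["result"] == "OK"


def detect_stuffing(lines, min_users=5, min_fail_ratio=0.8):
    """Map each suspicious source IP to the accounts it logged into successfully.

    A source is suspicious when it tries many distinct usernames and most
    attempts fail: the signature of replaying a breached credential list.
    One user mistyping a password (one username, a few failures) is not flagged.
    """
    by_ip = defaultdict(list)
    for ip, user, ok in parse(lines):
        by_ip[ip].append((user, ok))
    findings = {}
    for ip, events in by_ip.items():
        users = {u for u, _ in events}
        fail_ratio = sum(not ok for _, ok in events) / len(events)
        if len(users) >= min_users and fail_ratio >= min_fail_ratio:
            # Successful logins from this source are likely taken-over accounts.
            findings[ip] = sorted({u for u, ok in events if ok})
    return findings


if __name__ == "__main__":
    print(detect_stuffing(SAMPLE_LOG))
```

Accounts listed against a flagged source are the ones to prioritise for a forced password reset and session revocation.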

DynaRisk also found that pornography sites - which make up much of the ‘non-standard content’ that was found to account for nearly 32 per cent of hacked sites they studied - were often targeted because of their sensitive content.

In 2017, Pornhub was targeted by hackers who had been hiding malicious software behind adverts. Affected users were infected with the virus if they clicked on a tab that stated there was “a critical update” for the browser on which they were viewing Pornhub.

Once a user clicked on the link, the virus was downloaded, and it could trace a person’s web history and identification. As a result of the year-long attack, millions of visitors to the adult website were affected.

What can be done?

Andrew Martin, DynaRisk’s CEO, believes that consumers need to be more concerned about the way in which big brands are handling their data.

He said, “Consumers’ number one concern might not be the security of their personal data when they are enjoying the content offered by their favourite digital entertainment brands – but they shouldn’t assume that brands are taking care of their information.

“Recent high-profile data concerns on social media platforms have likely alerted consumers to the ease with which data and personal information can be stolen or misused by third parties, however they might not have the same awareness of the risks to accounts on services like Netflix being attacked.

“There is a huge amount of education needed around cybersecurity – fuelled by a misunderstanding that having antivirus software installed on devices grants them immunity from having their personal details stolen.”

Steps you can take

Enable two-factor authentication

Two-factor authentication (sometimes referred to as two-step verification or 2FA) adds an extra layer of security and makes account takeover more difficult. After entering your password, a code (usually sent via SMS to your phone, or via email) is required to access your account.

Use unique passwords

Some services don’t offer two-factor authentication, which means it’s extremely important to use strong, unique passwords for each account. A strong password should contain between eight and 12 characters, a mixture of upper and lowercase characters, numbers and, if permitted, symbols.

Use a password manager

A password manager assists in generating and retrieving complex passwords, potentially storing such passwords in an encrypted database or calculating them on demand.