Massive Illegal Password Sharing Service Busted

Fraudsters had access to over 270,000 unique accounts, charging as little as $1.79 for access to Netflix, Spotify and others.

A Portland, Oregon, federal grand jury has charged a man for a scheme to steal and resell customer account details for streaming services including Netflix, Spotify Premium, and HBO Max.

The indictment names Samuel Joyner and an accomplice, Evan McMahon of Sydney, Australia. It alleges that they operated an online service called “AccountBot,” through which users could pay a low fee to access stolen streaming service accounts.

The allegations are a particularly bold example of a hacking risk that costs streaming services billions each year.

AccountBot Sold Accounts as Low as $1.79

The indictment states that the AccountBot site claimed to have access to over 217,000 unique customer account credentials and to have served over 52,000 customers.

“AccountBot customers paid between $1.79 and $24.99 for access to the stolen credentials, depending on how long and which service they wanted to access,” reports The Verge.

The charges are “conspiracy to commit computer and access device fraud,” and come with a maximum sentence of five years in federal prison.

The indictment also holds that the men stolen the passwords through credential stuffing attacks, a term for large-scale automated login requests. With this process, a hacker takes login information from previous data breaches and feeds each username and password combination into various streaming services until they find the combinations that work.

Password Theft Is Huge

These recent charges are far from the first sign that bad actors online are stealing and reselling passwords to paid services.

In some cases, Facebook, Instagram, or Twitter accounts are stolen, cutting off the original owner entirely in order to deliver the account to a new owner who wants a built-in audience or a particularly unique username. But when it comes to Netflix and Spotify, you’ll retain your account — you’ll just have someone else poking around in it.

As many as 350,000 Spotify accounts were hacked in November 2020, while Netflix passwords were included in a massive compilation of 3.2 billion credentials that surfaced in February 2021.

In this new charge, no details were given on how much total revenue the alleged streaming password reselling scheme was bringing in, though it’s hard to imagine the monetary benefits were a high as, say, the millions that ransomware attackers can potentially make. Still, stealing an entire inventory would be one way to keep the overhead costs low.

Are Your Passwords at Risk?

One common phishing technique for swiping Netflix passwords involves building a fake sign-in page or a spoofed account creation page that look just like the real thing but only exist to scoop up your password or payment information.

The solution is a good password manager: Many of the top password keepers will autoload your password, but only on the real website, and may even flag spoofed log-in pages. We’ve rounded up the best options over here.

The other big issue is an unsecured connection, like in a hotel or an Airbnb rental. Paying a few bucks a month for a great VPN can help with this, and we have the top VPN solutions ready to go as well. Get a solid password manager and VPN, and you’ll be fairly safe from the password reselling schemes of the world.

There is still one big downside here, though: Netflix is sure to eventually cite stolen accounts as the reason why they’ll crack down on account-sharing down the road. Shout out to my old college roommate Joel for letting me use his Netflix password for the last seven years.

Here’s a quick look at your password manager options:

0 out of 0
Local Storage Option
Two-Factor Authentication
Failsafe Function
Password Generator Function
A password manager can create secure, complex passwords for you. You won't need to remember them yourself.
Help Instructions
Email Support
Live Chat Support
Phone Support
Price
Business Plan?
Business Price
Cheapest available business plan
Click to Try

NordPass

LastPass

Dashlane

Sticky Password

$1.69/month

$2.40/month

$8 per user/month

$19.99 per year

$19.95/10 users

$2.51 user/month

$3.20/user/month

$60/user

$29.99/user/year

Try 1Password Try NordPass Try LastPass Try Dashlane Sticky Password
About our links

If you click on, sign up to a service through, or make a purchase through the links on our site, or use our quotes tool to receive custom pricing for your business needs, we may earn a referral fee from the supplier(s) of the technology you’re interested in. This helps Tech.co to provide free information and reviews, and carries no additional cost to you. Most importantly, it doesn’t affect our editorial impartiality. Ratings and rankings on Tech.co cannot be bought. Our reviews are based on objective research analysis. Rare exceptions to this will be marked clearly as a ‘sponsored’ table column, or explained by a full advertising disclosure on the page, in place of this one. Click to return to top of page

Did you find this article helpful? Click on one of the following buttons
We're so happy you liked! Get more delivered to your inbox just like it.

We're sorry this article didn't help you today – we welcome feedback, so if there's any way you feel we could improve our content, please email us at contact@tech.co

Written by:
Adam is a writer at Tech.co and has worked as a tech writer, blogger and copy editor for more than a decade. He was a Forbes Contributor on the publishing industry, for which he was named a Digital Book World 2018 award finalist. His work has appeared in publications including Popular Mechanics and IDG Connect, and his art history book on 1970s sci-fi, 'Worlds Beyond Time,' was a 2024 Locus Awards finalist. When not working on his next art collection, he's tracking the latest news on VPNs, POS systems, and the future of tech.
Explore More See all news
Back to top
close Thinking about your online privacy? NordVPN is Tech.co's top-rated VPN service See Deals