Introduction
As digital consumption habits shape the entertainment industry, they also influence cybercriminal strategies. One example is the theft of accounts for streaming services like Netflix, Amazon Prime Video, and Disney+. Mexico is among the countries with the highest number of compromised streaming accounts, leading globally in Amazon Prime Video thefts and ranking second for Netflix account breaches.
Cyberattacks on Streaming Platforms
According to cybersecurity firm Kaspersky, between April 2024 and March 2025, there were 96,288 attempted attacks disguised as the five most popular streaming platforms. Netflix led with 85,679 attempts, followed by Amazon Prime Video (6,865) and Disney+ (1,675).
These attacks primarily involve malicious files presented as fake applications, download links for movies, or false login forms. Approximately 18,200 users worldwide fell victim to these scams, with May 2024 seeing the highest number of affected individuals.
Phishing is a common method, where cybercriminals replicate login interfaces of services like Netflix or HBO Max. They use urgent messages such as “Your subscription expires today” or “Verify your account now” to steal user credentials.
These scams spread through emails and social media, exploiting users’ familiarity with the brand and psychological pressure to avoid losing access to their favorite content.
Black Market for Stolen Accounts
Once stolen, accounts are sold on cybercrime forums at low prices, often bundled with other user data. Some are marketed as “shared” or “modified” premium service access, while others are freely distributed by hackers seeking recognition.
Cybercriminals use malware like Troyanos-PSW (Password Stealing Ware) to steal stored credentials in browsers or applications. These files, sometimes disguised as fake Netflix updates or modified apps promising unlocked features, can also install spyware or ransomware.
Kaspersky found that nearly 80% of attacks rely on tools classified as RiskTool, potentially dangerous applications that open the door to future infections or data collection.
In Mexico’s case, the country not only suffers from the highest number of compromised Netflix credentials but also leads in Amazon Prime Video account breaches, surpassing Brazil and France.
Consequences for Users
The consequences for users extend beyond losing access to their entertainment accounts. Often, these credentials are linked to bank cards or repeated across other services like social media, e-commerce platforms, or online banking, potentially leading to financial fraud, identity theft, and sensitive information breaches.
Key Questions and Answers
- What streaming platforms are most targeted for account theft? Netflix, Amazon Prime Video, Disney+, Apple TV Plus, and HBO Max are the most targeted platforms for account theft.
- How many compromised accounts were detected in 2024? Over 7 million accounts from platforms like Netflix, Amazon Prime Video, Disney+, Apple TV Plus, and HBO Max were detected as compromised in 2024.
- Which country leads in Netflix account breaches? Brazil leads in Netflix account breaches, with Mexico ranking second.
- What methods do cybercriminals use to steal streaming account credentials? Common methods include phishing, malware like Troyanos-PSW, and disguised fake updates or modified apps.
- What are the consequences of stolen streaming account credentials? Stolen credentials can lead to financial fraud, identity theft, and sensitive information breaches, as they are often linked to bank cards or repeated across various online services.
