The 21-year-old made more than $200,000 selling stolen account logins, according to police.
An Australian man has been arrested after allegedly raking in an estimated AU$300,000 ($211,000) selling stolen login details online.
The man was allegedly behind the website WickedGen.com, which boasted that it had 120,000 users and sold Netflix , Spotify and Hulu logins stolen from almost 1 million accounts.
Working on a tip-off from the FBI, Australian Federal Police arrested the 21-year-old man on Tuesday, according to a police statement.
"The account details were obtained through credential stuffing, which sees a list of previously stolen or leaked usernames, email addresses and corresponding passwords re-used and sold for unauthorised access," the statement read. "The accounts details were from unknowing victims in Australia and internationally, including the United States."
While account sharing is common (roughly one third of streaming users say they'd quit a service like Netflix if it tried to stop password sharing), account stealing is a different matter.
"These types of offences can often be a precursor to more insidious forms of data theft and manipulation, which can have greater consequences for the victims involved," said the manager of cyber crime for the AFP, Acting Commander Chris Goldsmid.
The lesson? Don't use the same login details for everything and be careful with your passwords.