Police bust man for allegedly selling 1 million Netflix, Spotify passwords

The 21-year-old made more than $200,000 selling stolen account logins, according to police.

Claire Reilly Former Principal Video Producer
Claire Reilly was a video host, journalist and producer covering all things space, futurism, science and culture. Whether she's covering breaking news, explaining complex science topics or exploring the weirder sides of tech culture, Claire gets to the heart of why technology matters to everyone. She's been a regular commentator on broadcast news, and in her spare time, she's a cabaret enthusiast, Simpsons aficionado and closet country music lover. She originally hails from Sydney but now calls San Francisco home.
Expertise Space | Futurism | Robotics | Tech Culture | Science and Sci-Tech Credentials
  • Webby Award Winner (Best Video Host, 2021), Webby Nominee (Podcasts, 2021), Gold Telly (Documentary Series, 2021), Silver Telly (Video Writing, 2021), W3 Award (Best Host, 2020), Australian IT Journalism Awards (Best Journalist, Best News Journalist 2017)
Claire Reilly
Angela Lang/CNET

An Australian man has been arrested after allegedly raking in an estimated AU$300,000 ($211,000) selling stolen login details online. 

The man was allegedly behind the website WickedGen.com, which boasted that it had 120,000 users and sold Netflix , Spotify and Hulu logins stolen from almost 1 million accounts. 

Working on a tip-off from the FBI, Australian Federal Police arrested the 21-year-old man on Tuesday, according to a police statement

"The account details were obtained through credential stuffing, which sees a list of previously stolen or leaked usernames, email addresses and corresponding passwords re-used and sold for unauthorised access," the statement read. "The accounts details were from unknowing victims in Australia and internationally, including the United States."

While account sharing is common (roughly one third of streaming users say they'd quit a service like Netflix if it tried to stop password sharing), account stealing is a different matter.

"These types of offences can often be a precursor to more insidious forms of data theft and manipulation, which can have greater consequences for the victims involved," said the manager of cyber crime for the AFP, Acting Commander Chris Goldsmid.

The lesson? Don't use the same login details for everything and be careful with your passwords.