NETFLIX Breach – user account ID changed
NETFLIX Breach on the user-id has occurred twice in one week, I have had an account with Netflix for several years. On Friday when I tried to log in to my account I could not. I got a message that my account e-mail address had be CHANGED. Since that is the only way that I can access my account, I had no user ID to get in. I had to call and wait to be connected to an account rep. Once there, I asked how that could happen, and the answer I got was that someone had BREACHED my account and re-assigned my user-id (which was my account ID) with theirs.
Linked with that information was my credit card payment information. After the recent Citicorp breach, there is no assurance that my credit card information was not breached. The solution the account rep gave was to CANCEL my account. Which I did and created a new account with a DIFFERENT email address. I also added my mobile number for account verification.
That worked for a day and on Saturday evening someone else logged in to my NEW account, turned on the service for their account and changed the user-id again. The only thing that I got were two emails from Netflix. One saying that someone accessed my account and the second that told me my user id had been changed.
When I talked to the agent at Netflix on the SECOND breach there was no sense of urgency. I have my credit card associated with the account and now have a concern that the credit card information has been hacked.
NETFLIX Breach – Do they even care that they have a security issue?
In both cases with both email addresses, they were uniquie and the passwords were over 8 characters in length. In addition, they had one upper case letter, two numbers, and a special character. Somehow they were able to get into the account, and change key information. They also have the capability to change the seconday security mobile phone number.
The fact that the only concern they had was to get my account back on-line so I would pay is troubling. Netflix did not address the issue of managing the changing of my user-id. Nor did they address the core issue of how the account got breached and then not providing me with a soulution. For example a solution could be, having a DOUBLE verification before they change key security and personal information or making it so the userid could not be changed. Either solution would work.
I forecast the Netflix will be the next major corporation that will have the public embarasement of a major security breach.