Millions of Netflix account details leaked online

Security researchers uncover login details for Netflix, Disney+, Amazon Prime Video, Apple TV+ and Max

Anthony Cuthbertson
Tuesday 27 May 2025 13:54 EDT
Millions of accounts belonging to streaming services like Amazon Prime Video, Disney+ and Netflix have been compromised (iStock/Getty Images)

Over 7 million accounts from Netflix and other streaming services have been compromised, according to security researchers.

A new report from cyber security firm Kaspersky noted that login details were collected by criminals as part of a broader credential theft campaign, rather than individual services being hacked.

The researchers uncovered 7.01m compromised credentials from Netflix, Disney+, Amazon Prime Video, Apple TV+ and Max in 2024, with Netflix accounting for more than 5m of the accounts.

It is believed that the account details were compromised through unofficial browser extensions, apps and other downloaded software that silently collect login credentials and personal data.

“Malware hidden in unofficial downloads or third-party tools silently steals login credentials and personal data, which are then traded or sold on cybercriminal forums,” said Polina Tretyak, a digital footprint analyst at Kaspersky.

“Protecting your streaming account today means thinking beyond passwords – it means securing your devices, avoiding suspicious downloads, and being mindful of where your clicks lead you.”

The Independent has reached out to Netflix for comment. The streaming giant’s website has advice for users on how to keep their account secure.

Popular streaming services have frequently been a target for cyber criminals, with one recent phishing scam targeting Netflix users in 23 countries.

The campaign involved sending emails and SMS messages to users claiming that their subscription was coming to an end, or that their payment had failed.

A report last December from cyber security firm Bitdefender warned people to avoid clicking on links, even if they appear legitimate.

“Don’t follow links in messages. If you are unsure about a message, either SMS, email or otherwise, you can always manually input the address in a browser and check your account,” the researchers wrote.

“If you offered the attackers Netflix credentials and personal information, change the password as soon as possible and cancel the compromised card.”
