It might be time to change your Netflix password. A new report shows that your streaming account isn't just vulnerable to your exes still using your login to watch terrible TV shows—but it's also scarily open to hackers looking to steal your personal information.
Lionel Payet, a staffer at computer security firm Symantec, wrote in a blog post that the company has observed hackers using shady techniques to try to get login information from Netflix users. One end goal is to sell the accounts on a black market for cheaper, even as low as 25 cents, according to PC Magazine.
In one scam, primarily affecting users in Brazil, hackers will get software on your computer that looks like Netflix, but is actually malware. Once you open it, it automatically downloads software that steals banking information from your computer. In another scam, targeting users in Denmark, hackers created a "phishing campaign," showing users a site that looks like Netflix and telling them their accounts needed to be updated because of an issue with their payment. Users would then enter their login and other personal information, only to have that data stolen.
Once the scammers have access to your account, you might not know it for a long time. They'll sell your username and password on the black market and tell buyers not to change the password. That's because a password change would send an email to the original user—you—and alert them that something fishy was going on. According to The Atlantic, a similar black market exists for logins for HBO Go, Spotify, and many other streaming services.
But there are a few easy steps you can take to protect yourself. The Daily Dot recommends you go to your Netflix account on a browser, go to settings, and opt to sign out of all your devices at once. Then change the password and log back in. After that, be sure to keep an eye on your activity, including recently watched movies and TV shows. If something looks like it's not you, you should change your password.
If you get an email from what looks like Netflix, check out the actual email address it's coming from before you click on anything, and check out the actual URL in the address bar when you access what looks like Netflix.com. If something looks off, it probably is. Same thing with any offers for cheaper Netflix—as much as you'd like it, there's no such thing as a free binge watch.
A spokesperson for Netflix told The Daily Dot that they "pro-actively monitor our member accounts for fraud and alert members if we see anything suspicious." For more information on how to secure your account and report shady-looking activity, check out Netflix's security guide.
Follow Marie Claire on Instagram for the latest celeb news, pretty pics, funny stuff, and an insider POV.