Personal information of 7 million OTT accounts including Netflix and Disney+ leaked - South Korean report

Global OTT (On-Demand) services such as Netflix, Disney+, and Amazon Prime Video
It has been confirmed that approximately 7 million account information of LINE (Streaming Video Service) users has been leaked. Some of the information reportedly includes that of Korean users.
According to global security firm Kaspersky, last year Netflix, Disney+ and Amazon Prime
There are indications that approximately 7.03 million pieces of account information related to major OTT platforms, including Netflix, Amazon Video, Apple TV+, and Max, have been leaked.
The number of accounts leaked for Disney+ reached 5.63 million, the highest number of accounts leaked. About 680,000 accounts for Amazon Prime were leaked, and
It was estimated that about 1,600 videos were leaked. By country, Brazil, Mexico, and India were the most affected, with South Korea coming in seventh in the number of accounts leaked.
Kaspersky Lab said the leak was not the result of a hack into the servers of the OTT service itself, but rather that users' devices (PCs, smartphones, etc.) were infected with malware.
It was analyzed that it is highly likely that the login information was stolen in the process of being infected with malware, visiting a phishing site, or installing an unofficial app.
Once infected with malware, attackers can harvest not only account information, but also cookies, credit card details, and other sensitive data, which can then be sold on the black market.
It could be sold or given away for free, leading to identity theft and financial fraud. This is not the first time that OTT accounts have been hacked. Netflix, TVIN
There have been continuous reports of account information for domestic and overseas OTT services, such as Netflix, Netflix.tv, and Watcha Play, being leaked onto the dark web.
Approximately 70,000 accounts were leaked onto the dark web, giving rise to the phenomenon of "credential stuffing" (an attack in which account information already obtained is randomly entered into other sites in an attempt to gain unauthorized access).
There are also concerns that secondary damage such as theft of Disney+ account information may occur. Disney+ was also targeted by hackers shortly after the service was launched, and thousands of account information were traded on the dark web.
At the time, hackers were said to have used malware distribution, phishing emails, and account information leaked from other sites to take over Disney+ accounts.
Some have also assessed that the lack of additional security measures such as two-factor authentication contributed to the expansion of the damage.