Photo: Rc Xyz Nft Gallery

Convicted of hacking and reselling users’ access credentials to streaming services

Apr 15, 2024 | Trials

15. April 2024

A 30-year-old man has just been sentenced to prison for illegally accessing and subsequently reselling lists with a total of 500,000 username and password combinations belonging to unsuspecting people, and in 47 cases reselling some of these credentials, which the convicted person had checked gave access to streaming services. 

On Monday, April 15, the Court in Odense sentenced a 30-year-old man to 40 days’ suspended imprisonment and 60 hours of community service for having acquired and later resold lists with approximately 500,000 hacked credentials and for having resold at least 47 credentials for streaming services that belonged to and were reserved for specific paying subscribers. The credentials were for Viaplay, HBO Max, YouSee and TV 2 Play Sport and Favorit, among others, whose content the buyers of the credentials thus gained unauthorized access to. The sentence also includes attempted complicity in data fraud.

He received a sentence of 40 days’ suspended imprisonment with 60 hours of community service, confiscation of DKK 1,733.70 and a PC. The convicted person must also pay the costs of the case.

In a press release from NSK, deputy prosecutor Brian Kaas Borgstrøm states:

“The convicted person has exploited data leaks to obtain random customers’ login information for a number of online services. He has since sold the information both collectively and individually. This has given his buyers the opportunity to abuse the real customers’ accounts.”

Read NSK’s press release here (Danish)

Early action has prevented new file sharing culture

The Rights Alliance spotted the trend of hacking and selling access credentials to streaming services early on and quickly acted with a series of notifications. Thanks to the effective efforts of the Rights Protection Section at NSK, the trend was nipped in the bud before it developed into a new file-sharing culture that could seriously damage the industry.

Maria Fredenslund, CEO of RettighedsAlliancen, says

“We are pleased that the ruling highlights that reselling logins to streaming services is a punishable crime that has consequences for streaming services, content creators and the users who pay for content. The NSK’s Rights Protection Section is currently doing a lot of work to address the resale of streaming credentials, and hopefully their efforts in this case can help prevent similar offenses in the future.”

Lars Bo Jeppesen, EVP Viaplay Group & CEO Viaplay Denmark, said:

“Any kind of fraud, scams and piracy is unacceptable. We are therefore pleased that this type of crime is taken extremely seriously and punished severely. With our ability to identify IP addresses and track illegal sharing, we will continue to crack down on these cases. It is crucial to continue to strengthen our efforts against illegalities of this kind as it undermines artistic content and sports rights by attacking its foundation and the livelihoods of its creators. Furthermore, the revenue generated by fraudsters through fraud often directly contributes to the financing of other crime. This is unacceptable and therefore we welcome the verdict.”

Marie Lykke Lützhøft, CEO of TV 2 Play DtC Sales and Customer Relations, says:

“At TV 2, we take customer data security very seriously, which is why we are also pleased that a verdict has been reached in this serious case. Illegal subscription sharing is a focus area at TV 2, both resale as in this case, but also illegal subscription sharing between family and friends. TV 2 is constantly investing in new content for TV 2 Play, and if we are to continue to invest, we need to take action against illegal subscription sharing across the industry.”

Louise Riisgaard, Industry Director at the Danish Chamber of Commerce, said:

“Hacking and reselling of login credentials to streaming services is serious as it has negative impacts for the streaming services and content producers as well as the users whose login credentials are misused. We are therefore pleased that the verdict once again emphasizes that hacking and reselling of login credentials is of course punishable and will be prosecuted. The case also emphasizes the importance of the government allocating resources to carry out these tasks.”

Reselling of access credentials is possible to crack down

This case is not the first example of criminals exploiting online data leaks to make a profit by reselling access credentials to streaming services. In June 2023, a 41-year-old man was given a six-month suspended prison sentence for copying and sharing Ekstra Bladet+ articles, which he gained access to using credentials belonging to the service’s users. The Rights Alliance also expects to see more extensive court cases in the coming years regarding hacking and selling credentials to streaming services. 

Contact:

CEO of the Rights Alliance, Maria Fredenslund, tel. +45 21 64 74 48, maria.fredenslund@rettighedsalliancen.dk

Read also: Six months in prison for illegal sharing of books and articles