Security News

Netflix tests password-sharing warning

Avast Security News Team, 19 March 2021

Plus, the U.S. election-tampering report is declassified and Tinder adds a background check feature

Some Netflix users received a surprise when they logged on last week – a warning message reminding them that password sharing is forbidden on the platform. This is something of a new stance for the streaming giant, as it has traditionally taken a lenient attitude toward account sharing, with co-CEO Reed Hastings saying in 2016, “Password sharing is something you have to learn to live with.” 

“Netflix itself has encouraged users to share accounts,” Avast researcher Luis Corrons commented. “In fact, one of the advantages of the most expensive plan is that you can have up to 4 sessions simultaneously with the same account. That being said, there is an actual need to reinforce security as there is no 2FA, and approving devices asking for this 2FA will prevent the use of stolen accounts in the future.” 

Perhaps the company has pivoted because Netflix accounts are among the most widely shared. A recent Lending Tree survey of 1,500 users found that 40% of streamers say they use someone else’s streaming account credentials, while 72% of Netflix subscribers admit they let other people use their accounts. The new Netflix warning message reads, “If you don’t live with the owner of this account, you need your own account to keep watching.” It offers to email or text a verification code to the user, and also offers a “verify later” button. A Netflix rep told Variety that the company has rolled out the warning as a limited test, and it is only being run on TV devices.

NIC releases report on foreign threats to 2020 U.S. election

The U.S. National Intelligence Council has declassified a report on foreign threats against the 2020 U.S. presidential election. Compiled by the NIC, CIA, FBI, DHS, NSA, and other agencies, the report concludes that there was no physical tampering with any voter machines or ballots. However, the Council did find that both Russia and Iran attempted to influence the election by pushing narratives intended to undermine Americans’ confidence in the electoral process. The report also submits that China considered measures that would influence the election, but ultimately decided against using them, as neither candidate’s win offered enough benefit to the nation to risk the subterfuge.

Tinder will add background check feature

Later this year, dating app Tinder will add a feature that lets users conduct background checks on their prospective dates. Tinder is owned by Match Group, which is also the parent company of Match.com, PlentyOfFish, OKCupid, and Hinge. Match Group was criticized in 2019 when a ProPublica investigation found registered sex offenders on its platforms. The background checks will be provided by Garbo, which collects public records and reports of violence or abuse. The checks will not include drug charges or traffic violations. Read more at BBC News

Australia passes new Online Safety Act

The Australian government has agreed to pass the Online Safety Bill 2021 into the country’s new Online Safety Act, despite reservations from tech companies, civil liberties unions, and some government officials. Federal opposition to the Bill argues the legislation was too rushed, with no consideration of the possible consequences. The Online Safety Act gives the eSafety Commissioner the power to order the immediate deletion of any web content if it is deemed offensive. The Australian Greens see it as the dangerous first step to normalizing a government-controlled internet. For more on this story, see ZDNet

FaceTime users suffer wave of group call spam

Pranksters are giving FaceTime users a headache with a new trend of spam calls joining group calls. According to Ars Technica, the perpetrators can call up to 31 numbers at one time, and the prank calls come in during the late hours of the night, ringing on and off as many as 20 times in short succession. FaceTime does not offer the option to limit calls to one’s address book, so users have little recourse except to block each individual number in the group chat. This is not the first FaceTime group chat bug to surface, as last year a vulnerability was discovered that allowed users to start a group chat with someone, even if that person did not accept the call. One notable thing about that bug is that it was disclosed by a 14-year-old

This week’s ‘must-read’ on The Avast Blog

We're doing things a little bit differently this week. As many parts of the world mark one year of Covid-related lockdowns, we've rounded up 10 posts that contain key news, tips and advice from the past year:

1. Leaning in to successful and secure work from anywhere
2. Back to (home) school: Preparing for continued distance learning
3. Is your family ready for distance learning?
4. 4 tips to boost your home Wi-Fi
5. 6 tried-and-true steps for staying safe online when going back to school
6. How to spot the signs of stalkerware on your phone
7. Do these three things to keep stalkerware at bay
8. Pushing back against IoT attacks intensified by Covid-19
9. Contact tracing apps face their day of reckoning
10. How do Covid-19 scams happen?