Former Netflix customers who cancelled their subscriptions have found their accounts reactivated without their knowledge.
Apparently, hackers were able to log in and reactivate the cancelled subscriptions without users’ bank account details.
This is because Netflix stores customer data for 10 months after account cancellation. This is to allow speedy account recovery should a user wish to rejoin. But, the streaming service says it will delete this data if a user requests for deletion via email.
Hackers exploited this loophole, reveals BBC Radio 4’s You & Yours investigation.
Emily Keen, an ex-Netflix customer who cancelled her service in April this year found that she had been charged £11.99 in September.
“I tried to login to my account, but it said my email and password had not been recognised,” she told the BBC. “It turns out the criminals had changed my login details completely and had signed me up for the most expensive service.”
Netflix assured Emily that her card would be blocked and she would receive a refund. Yet, she was still charged for the service in October and November. She managed to receive only partial reimbursement.
Many angry customers took to Twitter to complain about similar incidents.
“Super disappointed with my @netflix customer service experience. Our account was hacked, supposed to have been deactivated, was reactivated by hacker, and continued to use our credit card. We were told to file chargeback and @netflix would not offer refund,” one user tweeted.
While another wrote: “Cancelled my @Netflix subscription in July. Looked at my bank account yesterday, service reactivated. Missed an email Monday about suspicious activity. Netflix allowed the activation anyway.”
Stolen Netflix login information has reportedly been found on sites like eBay. Hackers sell them as “lifetime” accounts to bidders for as little as £3. The shopping site has confirmed that it has removed all such listings and would take enforcement action against the sellers.
Meanwhile, Netflix told that the safety of its customers is its top priority and any unauthorised use of their account should be reported immediately.
“The safety of our members’ accounts is a top priority for us, and we are always working to improve this,” said a Netflix spokesperson in a statement.
“We use a variety of measures to protect our members, notifying users to change their password when suspicious activity is detected, and when there is a sign-in to their account on a new device. If a member notices any unusual activity on their account, they should contact us immediately.”
Affected customers can call Netflix on 0800 096 6379, or use the live chat function on its website. In the event, you are struggling to get a refund from Netflix, you can directly contact your credit or debit card provider to get your money back.