large image

Trusted Reviews is supported by its audience. If you purchase through links on our site, we may earn a commission. Learn more.

Hackers are reactivating users’ cancelled subscriptions

When you cancel Netflix, you might assume your relationship with the company ends. But the way the company leaves accounts open for reactivation means that hackers can potentially resume your payments without needing your credit card details.

The BBC reports that a number of ex-members have had their accounts reactivated without permission. The victims only noticed the change when their dormant account started billing them again. 

Related: How to cancel Netflix

One such victim was Emily Keen who found a bill of £11.99 from Netflix on her account in September after cancelling back in April. 

I tried to log in to my account, but it said my email and password had not been recognised,” she told the BBC’s You & Yours programme. “It turns out the criminals had changed my login details completely and had signed me up for the most expensive service.”

How is this possible? Well, Netflix holds on to customer data for ten months after cancellation so that former members can be quickly reinstated should they have a change of heart. The company does explain this when you cancel, as captured in the screengrab below:

Screenshot of Netflix's membership cancellation screen

While Netflix says it will delete this data if a request is made by email, few likely do. And that leaves them open for this kind of account hijack if their password gets out – which isn’t wholly unlikely given how often people reuse credentials between sites.

Related: Best Netflix alternatives

Ms Keen isn’t the only person to be hit by this kind of attack, either. 

In all likelihood, this kind of attack isn’t for the hacker’s own Netflix bingeing. There’s a steady black market business for stolen Netflix credentials, and targeting cancelled accounts is a relatively easy mark. After all, if you think you’ve cancelled your account, you’re unlikely to try logging in, allowing the hackers to get away with it for longer.

Why trust our journalism?

Founded in 2004, Trusted Reviews exists to give our readers thorough, unbiased and independent advice on what to buy.

Today, we have millions of users a month from around the world, and assess more than 1,000 products a year.

author icon

Editorial independence

Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.

author icon

Professional conduct

We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.