Kafkaesque journey through a Netflix hack
Anyone who has gotten an email in, say, the past 20-odd years has certainly received a missive that has looked, if not outright sketchy, at least questionable enough to make you think it wasn’t on the up-and-up.
This is exactly what I thought on the evening of Jan. 15 when, as I was watching TV, I absentmindedly checked my email on my phone. A note from Netflix appeared, saying there had been a “new sign-in” to my account. The email said the sign-in came from a computer in the United States.
Whoever was trying to pull this scam was really good, I thought.
Then, six minutes later, another email came. Like the first message, this one said there was a “new sign-in” to my Netflix account. Only this one came from a computer in Aragua, Venezuela. By this point, I was thinking this wasn’t a scam.
That sentiment only grew when, one minute later, I received a third message from Netflix saying that, “as you asked,” the company had changed my email. I would no longer be able to use the only email address I had ever used to sign in to my Netflix account, which I’d had for seven or eight years.
Thus began an adventure into the world of what happens when your Netflix account is hacked, and what can and can’t be done about it.
I’m not ignorant about these sort of things. With Netflix having 139.3 million paid subscribers, many of whom set up profiles for their immediate family members and share their passwords with others outside the home, it should come as no surprise that accounts are hacked once in a while.
But when it happens to you, that’s all that matters. Netflix’s response to my hacking situation said a lot about its security methods — and its philosophy about how to help a consumer who has just had the access to one of their major media sources upended.
Soon after the third email, I had someone from Netflix’s customer service department on the phone. I told her who I was, explained the emails I had just received and said I’d like it if she could help resolve this matter and get my account back on track. She told me she could help right away. All she needed were the last eight digits of the debit card affiliated with my Netflix account to confirm things. I quickly read those numbers to her.
While all this was going on, I called up Netflix on my iPad. The part of the screen where app settings, privacy, help and sign out are located was now in Spanish. And on the profile page, mine was the only one there. My wife’s, my kids’ and my 78-yearold mom’s profiles all were gone.
That’s when things got really strange.
“No. That’s not the number we have,” the customer service agent said. “Could it be another card?”
Needless to say, I was taken aback. “Uh, no. This is how I pay you guys every month,” I replied. I read the number on the card again.
“I’m sorry, but we don’t have that number on file,” she said. “In fact, we don’t have any record of that number ever being used for
payment.”
I knew I hadn’t been getting Netflix for free. So, upon being told that the method I had been using to pay Netflix every month wasn’t even recognized by the company’s billing operations, I swung into action and brought up my bank account online. Sure enough, a payment to Netflix for $10.99 was recorded Dec. 28, 2018.
I explained to her that Netflix had indeed been charging the account number I had given her. But she wasn’t buying any of it.
“No. We have no record of you ever using that account for a payment,” she said. “Unless you can verify the account we have on file, I can’t do anything about resetting your account.”
I was beginning to lose my cool. “Well, what account you have on file, if it’s not the one you have been pulling $10.99 a month out of?” I nearly shouted back.
The customer service agent said she couldn’t tell me the account number, but she did say that the number they did have on file had been in use since April 2017. Upon hearing this, I began searching for the nearest door to slam my head into.
To me, this was just more evidence that my account had been hacked, and that Netflix should have believed that I was who I claimed to be and it would have been great for them to just do something — anything! — that could cut off this Venezuelan hacker and get me back to watching “Monty Python’s Flying Circus” reruns.
But it was to no avail. The woman on the telephone said there was nothing she could do to restore my account. I then asked to speak to her supervisor.
The second woman informed me that my case had been “escalated,” which sounds a lot more important than it really is. She also told me that since I couldn’t confirm the debit card number they had on file, and they had no proof that the way I had been paying them really was the way I had been paying them, Netflix couldn’t — or wouldn’t — restore my account.
However, the supervisor told me, there was one recourse available: Netflix could cancel the account. I could then sign up again as a brand-new customer.
So, if I had this straight, Netflix wouldn’t believe me about how I was paying them and thus wouldn’t fix the hacking of my account. But the company believed me enough to say, “Hey, let’s just cancel everything and you can start over!” I found myself, again, wanting to slam my head into the door.
I had the supervisor cancel my account, then signed back up as a new subscriber. While unsatisfactory, it seemed the only way to get back to binge-watching Netflix.
Since I wasn’t satisfied, I decided to take my issue to somewhere beyond Netflix’s customer support division.
I reached out to Netflix through its media center and explained what had happened in the hopes that I could speak with a technical support specialist, or someone else who worked with the streaming giant’s account team. I didn’t want them to think I was on some kind of revenge mission, nor did I want any secret codes to break into Chief Executive Reed Hastings’ account. I was genuinely curious about how my account could have been hacked, and why the only solution to my situation was to pull the plug and start over.
I was told that Netflix monitors its members’ accounts for suspicious activity, then sends out alerts if it sees anything that isn’t on the up-and-up. This is how it detected the login to my account from Venezuela and the change to my account’s email.
Then, I learned that one of the things Netflix has found is that its members’ accounts are sometimes compromised via breaches that happen at other companies. This happens especially if a person uses the same username and password at a site that is breached that they use for Netflix. The hacker gets the information he or she needs, then uses that to get into someone’s Netflix account.
I understood that. My account got hacked. It happens. But what I didn’t understand was what I was next told.
A Netflix spokesperson confirmed that the company could, in fact, restore my prior account. However, it would be possible to restore only my profile — those of my family members had been removed.
I was stunned to learn this. Why was Netflix now able to somehow find and reestablish my recently canceled account — the one I had been paying for every month, but the company only a couple of days earlier said they couldn’t fix? Couldn’t someone have done this for me on the phone when I first reported the problem with my account? Why, at that time, was the only answer to cancel my account and have me sign up as a new customer?
I’ll probably never know. Netflix did offer me a free month of service to make up for my inconvenience, but the company also told me it wouldn’t make anyone else available to speak about the hacking matter.
Sure, having to open up a new Netflix account qualifies as a First World Problem. But it would have been nice to have gotten to the bottom of how this problem occurred in the first place.