Netflix Users Can't Get Support Because of Coronavirus Shutdowns
To stop the spread of the new coronavirus, companies the world over sent their employees home and urged them to avoid social interaction. Thousands of people are still not sure how they're going to cope with this, while others can hardly see a problem. They have their Netflix playlists at the ready, and they're prepping themselves for a binge-watching marathon. Of course, all their plans could come to a crashing end if their Netflix account is compromised, and if that happens, they might be facing another problem that was caused by the COVID-19 outbreak.
Netflix users struggle to get their accounts back as the COVID-19 pandemic interferes with support agents' work
TV-series fans weren't the only ones who got sent home because of the coronavirus outbreak. Netflix, like all other companies, had to take the necessary precautions to protect its employees and their loved ones, and this has inevitably affected its day-to-day operations. Customer service operators, for example, currently work from home, which means that phone support is not available at all. Users can get assistance only via chat or through the streaming platform's online help center, and Netflix itself admits that the wait time is "higher."
Meanwhile, Comicbook.com reports that there's no shortage of people who are locked out of their accounts and need help to get back in. These users are understandably frustrated with the long wait times, but apart from apologizing for the inconvenience, Netflix has done nothing to assure them that it's trying to find a way out of the situation.
It's true that foreseeing the impact of the coronavirus outbreak was impossible, and it's also true that sending customer support agents home is the best call. Nevertheless, people expect to see the world's biggest streaming platform look for ways of solving the issue, and as of right now, this is not happening. There are other problems as well.
A researcher finds a way of hijacking session cookies and compromising Netflix accounts
A security researcher by the name of Varun Kakumani recently discovered a way of compromising the accounts of Netflix users who are on the same network as the attacker. The exploit takes advantage of the fact that some of Netflix's subdomains are served over HTTP rather than HTTPS. As a result, a hacker can perform what Ars Technica's Dan Goodin describes as "a classic man-in-the-middle attack" and steal a session cookie, which would allow them to log into the target's account.
It should be pointed out that this does not lead to account takeover. If they steal your session cookie, an attacker can log into your account, but they can't assign a new email address or password without knowing your login credentials. This doesn't mean that the bug should be underestimated, and unfortunately, it must be said that the handling of the issue wasn't great.
Kakumani responsibly disclosed the vulnerability through Bugcrowd, Netflix's bug reporting platform. Initially, he was told that the issue was outside the scope of the streaming service's vulnerability program, but after he tweeted about it and published a proof-of-concept video, Bugcrowd announced that his initial report had been dismissed because it was a duplicate of another bug.
Serving content through HTTP rather than HTTPS is completely unacceptable, especially for a big, established service like Netflix, but it must be said that this is not the worst bug in the world. A successful attack requires a high level of skill, and if the hacker is to steal your session cookie, they need to be on the same network as you.
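Site operators can check for the kind of exposure described above, a session cookie reaching a subdomain served over HTTP, by auditing their own response headers. The following is an added example, not code from the researcher or from Netflix. It assumes the exposed cookie lacks the Secure attribute and is scoped to the parent domain; the function names, cookie names and example.com headers are constructed for illustration.

```python
# Added example: audit response headers for cleartext session-cookie exposure.
# Function names and all header values are constructed for illustration.

def parse_set_cookie(header):
    """Split one Set-Cookie header into (name, attributes with lowercase keys)."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {k.strip().lower(): v.strip()
             for k, _, v in (p.partition("=") for p in parts[1:] if p)}
    return name, attrs

def hsts_covers_subdomains(hsts_header):
    """True if Strict-Transport-Security has max-age > 0 and includeSubDomains."""
    if not hsts_header:
        return False
    directives = [d.strip().lower() for d in hsts_header.split(";")]
    max_age = next((d.split("=", 1)[1].strip('"') for d in directives
                    if d.startswith("max-age=")), "0")
    return max_age.isdigit() and int(max_age) > 0 and "includesubdomains" in directives

def audit(set_cookie_headers, hsts_header=None):
    """Return {cookie_name: [findings]} for cookies that can leak over plain HTTP."""
    findings = {}
    hsts_ok = hsts_covers_subdomains(hsts_header)
    for header in set_cookie_headers:
        name, attrs = parse_set_cookie(header)
        issues = []
        if "secure" not in attrs:
            issues.append("no Secure: sent on http:// requests")
            if "domain" in attrs:
                issues.append("Domain=%s: also sent to every subdomain" % attrs["domain"])
            if not hsts_ok:
                issues.append("no HSTS includeSubDomains: browser will not force HTTPS")
        if "httponly" not in attrs:
            issues.append("no HttpOnly: readable by page scripts")
        if issues:
            findings[name] = issues
    return findings

SAMPLE = [  # constructed headers, not captured from any real service
    "session_id=abc123; Domain=.example.com; Path=/; HttpOnly",
    "session_id_secure=def456; Domain=.example.com; Path=/; Secure; HttpOnly",
    "ui_lang=en; Path=/",
]

if __name__ == "__main__":
    for cookie, issues in audit(SAMPLE).items():
        print(cookie, "->", "; ".join(issues))
```

A cookie flagged with both "no Secure" and a Domain attribute is the one a same-network observer can read as soon as any subdomain answers over HTTP.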
You are more likely to get your account hijacked because you use a weak password or reuse one on multiple websites. The people who are currently complaining about Netflix's slow support are probably guilty of this, and it should be pretty clear what you need to do to avoid joining their ranks.