In a session at the Crypto and Privacy Village within the DEF CON 27 conference in Las Vegas, Cat Murdock, security analyst at GuidePoint Security, outlined a nightmare scenario seemingly straight out of an episode of Black Mirror (the session, coincidentally, was titled Black Mirror: You Are Your Own Privacy Nightmare – The Hidden Threat of Paying For Subscription Services).
Murdock detailed how simply having a Netflix account could potentially be the key that enables an attacker to gain access to a user’s banking information. She noted that approximately 60% of the adult population pays for some form of online subscription service, be it Netflix, Spotify or something else. She also noted that everyone with an online subscription has a bank account.
One way a financial institution verifies an account holder when they try to gain access is to verify a recent transaction, which is where subscription services come into play. Murdock observed that there are only so many plans that a subscription service offers and the payments typically recur at the same time every month.