You can buy almost anything on the internet.
Even black market HBO Go, Netflix and Hulu logins are available for purchase, and they are extremely cheap, normally about $1 per login. But this type of transaction is in violation of each company’s terms of service and depending on the circumstances, illegal in most cases as well.
PayIvy (recently acquired by Newnote), an online platform for buying and selling digital products (a loose description, to be sure) had, unintentionally or otherwise, turned into a bustling marketplace for streaming service logins. These account sales often found their way onto Reddit and other distribution channels, as seen in the screenshot below:
The account logins ended up being purchased relatively quickly and the marketplace seemed at first to be growing exponentially.
But according to forum users that routinely discuss the market for these types of transactions, PayIvy has sent a message notifying users that the sale of Netflix subscriptions will result in an immediate suspension alongside a warning about PayPal’s terms:
“Starting May 15th, PayIvy will be banning all Netflix accounts. If you are still selling these accounts, we advice you to stop as your PayPal account will be limited as part of PayPal AUP. You have 9 days to delete your Netflix products before we do a search and remove them ourselves.”
PayIvy’s TOS page also mentions that the sale of stolen logins will result in an account suspension:
“Selling of hacked user accounts from other services and / or illegal materials will result in immediate suspension of a users account. PayPal will also suspend such users immediately and without notice.”
Security expert Brian Krebs noticed this trend occurring and wrote an in-depth blog post last week. Krebs notes that this type of transaction isn’t anything new, but that PayIvy has made it far easier for anyone to buy stolen credentials, a transaction normally shrouded under the dark web or within cybercrime web forums. The comment section exploded, and someone who appears to be a representative of PayIvy began defending the service, saying that while a small number of users were marketing stolen accounts on PayIvy’s platform, these users did not represent the overall intention of the service. In other words, yes, people were using PayIvy to conduct business in violation of most SVOD’s TOS but that PayIvy was trying to put an end to such transactions.
Ebay has long suffered from a similar black market, where users can shop for subscription logins for various streaming services. When we ran a search though, it was relatively difficult to find such auctions. And this is likely where the problem arises for PayIvy; the simplicity of the transaction having been so obvious.
It is not necessarily that difficult to find illegal goods and services around the web. Some of the most popular websites such as Ebay and Craigslist have similar gray and black markets hidden in the nooks and crannies of their sites. But rarely do these sections catch much public attention because they don’t encompass a major portion of the business.
We sent PayIvy a request for comment on their plans to combat this, Lode Kennes a former founder responded, printed below:
“PayIvy has been actively removing these products, and the sale of stolen accounts have drastically decreased on the PayIvy platform. Unfortunately, this does not solve the main problem. These streaming services are amazing, but they need to do a better job at protecting their users’ privacy and security.
We will be actively checking PayIvy to remove the sales of stolen accounts that are being sold such as Netflix, Spotify, Hulu, HBO, Lynda, NHL and WWE.”
They make a good point, that the ability to simply share a login to these streaming services makes it a security nightmare out the gate. But that doesn’t absolve PayIvy of guilt, as offering a market for the sale of these credentials is only helping to grow the rampant spread of fraud on these accounts.
However, one of the most interesting bits of data that PayIvy discovered in their audit of such transactions was that one of the most common reasons people were buying logins through PayIvy was because they were able to do so with Bitcoin.
“After removing these products, we did a site’s audit to review the sales of stolen accounts. What we find surprising was that people were willing to spend $10-$20 on these stolen accounts because they were accepting Bitcoin through Coinpayments.net.
A certain group of sellers on PayIvy were selling stolen Spotify accounts for $20/each, and they received multiple sales on a daily basis. Although many sellers were accepting PayPal, a whole lot more were accepting Bitcoins, and this statistic correlates with the demand of consumers using cryptocurrencies to purchase products online. We speculated the reason these stolen accounts were so popular was because these streaming services only accept credit card and/or Paypal.“
Before you roll your eyes and cry, “this is still a fraudulent transaction regardless” (of course it is), the point remains that PayIvy is claiming they have the data to prove a significant number of people prefer to pay for a service using a cryptocurrency such as Bitcoin. The demand for the ability to pay with these currencies continues to rise and services such as Netflix, Hulu and HBO would benefit from making this an option in the near future.
Closing thoughts: PayIvy seems like a good concept for the expanding realm of digital currency transactions, including those of the crypto variety like Bitcoin. It appears they unintentionally let a rapidly growing stream of illegal activity take place on their service, which is something a young commerce startup will often face. It is extremely important to tackle these types of problems as fast as possible, which PayIvy was unable to do fast enough to make this a non-story. We don’t necessarily believe PayIvy’s intentions were malicious, however it is likely that when rapid user growth occurred, it became easy to turn a blind eye to the types of transactions that were taking place.
From what we have seen of the PayIvy software, it is a very well designed platform, and certainly has a chance to become more mainstream following the corrections necessary to legitimize the transactions taking place. But until this is done, the overall reputation of the business remains at risk.