Netflix Account Takeover Vulnerability

April 26, 2018 | Views: 7073


Netflix Account Takeover with Google Obscure Email Vulnerability

What is Obscure e-mail Vulnerability

The obscure email vulnerability in Gmail is an interaction between two different ways of handling e-mail addresses, which means would be same as and this is also the same as But in the case of Netflix, the company doesn’t ignore the dotted part. To Netflix, each of them is a unique email address, and each one can be used to register a new account. This difference can be exploited in an account takeover attack.

The phishing part 

Here is how the account takeover works.
  • Try the Netflix signup form until you find an address that is already registered by some user; for example, you find the victim shaquibdexter.
    • It’s important to note that spelling out can also be interpreted the same as
  • Create a Netflix account with the address shaquib.dexter
  • Sign up for a free trial with any card number (that card should be a throwaway card).
  • When Netflix applies the active card check, cancel the card.
  • Wait for Netflix to bill the canceled card. Then Netflix will email shaquib.dexter asking for a valid card.
  • Hope that Dexter reads that email to dexter.weesely, thinks it’s for his Netflix account backed by shaquibdexter, and enters his card **** 4567.
  • Change the email for the Netflix account to, kicking shaquibdexter’s access to this account.
  • Use Netflix free forever with his card **** 4567!
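
On the service side, the mismatch described above closes if signup compares addresses by the mailbox they deliver to rather than by the literal string. The following is an added example, not code from the original post or from Netflix; `canonical_email` and `SignupRegistry` are hypothetical names, the addresses are constructed, and the plus-tag and googlemail.com handling goes beyond the dot case the post describes.

```python
# Added example: hypothetical helper names, constructed sample addresses.
GMAIL_DOMAINS = {"gmail.com", "googlemail.com"}


def canonical_email(address: str) -> str:
    """Map an address to the mailbox it is delivered to, where that is known."""
    local, sep, domain = address.strip().rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an email address: {address!r}")
    # Assumption: case is folded for every provider, not only Gmail.
    local, domain = local.lower(), domain.lower()
    if domain in GMAIL_DOMAINS:
        # Gmail ignores dots and any "+tag" suffix in the local part,
        # and googlemail.com delivers to the same mailbox as gmail.com.
        local = local.split("+", 1)[0].replace(".", "")
        domain = "gmail.com"
        if not local:
            raise ValueError(f"empty Gmail local part: {address!r}")
    return f"{local}@{domain}"


class SignupRegistry:
    """Enforces one account per mailbox instead of one per literal string."""

    def __init__(self):
        self._mailboxes = set()

    def register(self, address: str) -> bool:
        """Return True if the account was created, False on a mailbox collision."""
        key = canonical_email(address)
        if key in self._mailboxes:
            return False
        self._mailboxes.add(key)
        return True


if __name__ == "__main__":
    registry = SignupRegistry()
    # Constructed addresses: the first three reach the same Gmail mailbox.
    for addr in ("constructeduser@gmail.com",
                 "constructed.user@gmail.com",
                 "Constructed.User+trial@googlemail.com",
                 "constructed.user@example.org"):
        print(f"{addr:40} -> {'created' if registry.register(addr) else 'rejected'}")
```

Other providers are left untouched apart from case folding, because dots are significant there; only the Gmail rule is applied.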

Bonus *Cybrary Mashup*

So these are resources that @ichiroshiro shared with you:





Hope you enjoy all these resources 🙂

– Ichiro
