Deen Why, the 23-year-old Sydney resident who was arrested by the Australian Federal Police (AFP) back in 2019 for selling stolen account credentials for Netflix, Spotify, Hulu, and other streaming platforms, has now been sentenced to two years and two months to be served by way of intensive corrections order, as well as 200 hours of community service.
The charges that Why faced include unauthorized access to restricted data, provision of circumvention services for a technological protection measure, and dealing in identification information and false or misleading information.
The young man was running several “account generator” websites, including WickedGen.com, HyperGen, Autoflix, and AccountBot. Through these websites, D. Why distributed at least 85,925 accounts to 152,863 users who were paying a small amount to the pirate. According to the findings of the subsequent investigation, Why made at least AUD $680,000 received on PayPal, and another AUD $35,000 received in crypto.
The man was obtaining these credentials through stuffing campaigns, but it is unclear if he was engaging in this himself or if he bought the set from others. Whatever the case, this goes to show that re-using the same credentials on multiple platforms is always a bad idea. In this case, and due to the lax password-sharing policies of Netflix, it is unlikely that the victimized users had even realized it, but D. Why was making a lot of money thanks to them nonetheless.
AFP’s Cybercrime Operations Commander, Chris Goldsmid, has made the following statement in the aftermath of the announcement of the sentence: