20.5k unique visitors in the last 3 days

Aussie Hacker Made $500,000 by Finding and Reselling Netflix Credentials

23 year old Sydney web developer Evan McMahon was shown leniency because of his age and autism.

A 23 year old Australian web developer has avoided prison after being found guilty of supplying at least 85,925 subscriptions to Netflix and other online services by identifying the passwords of legitimate customers and selling them to others, reports the Sydney Morning Herald. Evan McMahon (pictured) was sentenced to perform 200 hours of community service and had AUD460,000 (USD356,000) of cryptocurrency confiscated, though the subsequent cryptocurrency boom means that stash is now worth approximately AUD1.3mn (USD1mn). He is believed to have made about AUD680,000 (USD530,000) by selling ‘lifetime’ subscriptions for as little as 10 bucks a time.

McMahon ran programs between 2015 and 2019 that systematically identified the user details for accounts on Netflix, Spotify, Hulu, WWE Network, NordVPN, and the PlayStation Network. Court documents argued McMahon’s efforts were made more successful by the tendency for users to adopt the same passwords for multiple services. Four separate websites – HyperGen, WickedGen, Autoflix and AccountBot – were used to sell the credentials that McMahon cracked. The oldest of the websites was created soon after McMahon completed High School, and their sophistication increased over time, with the most recent offering discounts for new customer referrals. False identities were used to create 48 separate PayPal accounts in order to launder the criminal proceeds, much of which was invested in cryptocurrency.

McMahon potentially faced a 20-year prison sentence for the most serious crime he was charged with, but it appears the judge showed leniency because of McMahon’s youth and because he is autistic, and hence was said to not fully comprehend the seriousness of his actions. Without having heard all the details, this once again appears to be an example of courts being soft on online crime. Preventing and catching young internet fraudsters like McMahon is expensive and difficult, but courts rarely punish them with more than a sermon about their crimes not being victimless. If judges really believe what they say about the victims of crime then they should do more to deter a growing generation of online crooks by making an example of those few that are caught and brought to trial.

Eric Priezkalns
Eric Priezkalnshttp://revenueprotect.com

During his career, Eric has been a Director of Risk Management for a national telco, the Chief Executive of the Risk & Assurance Group, a Chief Marketing Officer for a software business, a consultant, a public speaker and the publisher of Commsrisk since its launch in 2006. Look here for more about the history of Commsrisk and the role played by Eric.

The comms providers that Eric has worked for include Qatar Telecom, Cable & Wireless, T‑Mobile, Sky and Worldcom. In addition to his proficiency at speaking about the current scamdemic, Eric is also a qualified chartered accountant and a subject matter expert in consumer protection, enterprise risk management, fraud prevention, data integrity and billing accuracy. Eric was the lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He can be reached through the contact form on this website.

Related Articles

The Commsrisk Global Fraud Dashboard


Our Global Fraud Dashboard uses AI-powered search to collate, update and visualize data about scams and other network abuses from around the world. New charts are added each month. See it here.

Get Our Weekly Newsletter by Email