A new white paper from Synamedia estimates that since the start of 2019, 4.1 billion streaming video credentials have been breached, and that by 2024, pay TV operators will have lost $12.5 billion due to credential sharing alone.
More than 25% of U.S. consumers between the ages of 21 and 40 are currently using someone else’s streaming video credentials, and 42% of those under 21 freely share passwords, according to the report “A Guide to Addressing Streaming Video Credentials Sharing the Smart Way.” Password sharing is especially egregious among millennials, with 35% admitting they do so, compared to 19% of gen X subscribers and 13% of Baby Boomers.
Nearly 70% of sports fans admit they use somebody else’s login to watch streaming sports content, with nearly 9% saying they doing so on a regular basis.
“There are two kinds of video account credential sharing: casual and fraudulent. The major factor driving them both is cost,” the white paper reads. “While casual sharing among family and friends as a goodwill gesture is rights infringement, it has become so prevalent that it’s now considered a social norm.
“Then there’s fraudulent sharing, where hackers obtain compromised credentials sold via the dark web, validate them against a video service and then offer them on marketplaces for a lower price than a legitimate subscription.”
The stolen credential market extends to both the open web and dark web, with credentials for popular streaming sports apps posted on a weekly or monthly basis, and made available for just a few dollars, the report reads, as little as $5. For example, NBA streaming credentials were easily found on Silk Road, an online black market, with a lifetime warranty and cost as little as $7.
“It is not only credentials that can be found on hacking forums and dark web: You can also find discussions around how to watch pay TV for free as well as tools for checking the validity of credentials on different services,” Synamedia noted.
The impacts of sharing and stolen credentials go beyond just the bottom line for rights holders: for sports especially, illegal credential sharing impacts the ability to accurately monitor audience engagement, the number of people watching, and the ability to market correctly to the audience, the report stressed.
“Having non-paying users streaming content on your platform can cause a huge strain on your infrastructure,” the report also noted. “It may even require you to make expensive upgrades in order to maintain a high-quality viewing experience for your legitimate subscribers. Building out adequate infrastructure is especially important for promoters of major live or pay-per-view sporting events that drive high volumes or huge spikes in traffic.”
For solutions to the problem, Synamedia suggests content owners discover the breadth of sharing across their subscriber base, by providing aggregated results that allow them to analyze the problem, and distinguish between honest users and shared accounts.
“Once you understand your credentials attack environment and the credentials that were either compromised or stolen and resold, you will want to act in order to protect your subscribers and your service,” the report reads. That requires security tools that detect either stolen or compromised credentials in real-time, and differentiates between devices that are associated with an account owner and those that belong to someone else.