Some Netflix customers who canceled their subscriptions were surprised to see new charges from the video-streaming service on their bank statements months later.
Those people’s accounts were reactivated by hackers without their knowledge, according to a new BBC report. The hackers didn’t need users’ bank information to reactivate their accounts — all they had to do was log in.
That’s because Netflix stores customer data for 10 months after someone cancels a subscription, according to the BBC, making it easier for people to rejoin after canceling.
Some Twitter users have complained about the oversight.
Super disappointed with my @netflix customer service experience. Our account was hacked, supposed to have been deactivated, was reactivated by hacker, and continued to use our credit card. We were told to file chargeback and @netflix would not offer refund.
A Netflix representative told Business Insider that it valued customers’ security and that users should report suspicious activity on their account to the company directly.
“The safety of our members’ accounts is a top priority for us, and we are always working to improve this,” the person said. “We use a variety of measures to protect our members, notifying users to change their password when suspicious activity is detected, and when there is a sign-in to their account on a new device. If a member notices any unusual activity on their account, they should contact us immediately.”
There’s a cottage industry for hacked Netflix accounts. Hackers frequently sell login credentials online at discounted prices — a listing for a four-screen Netflix login is live on eBay.