An Oregon man was indicted for his role in a scheme that involved stealing and reselling passwords for streaming services, according to a statement from the US District Attorney’s Office this week.
The indictment, first reported on by The Verge, accuses Samuel Joyner of Oregon and Evan McMahon from Australia of working together on a service called AccountBot. The service had users pay a fee that gave them access to stolen credentials for streaming services at a lower cost than the user would pay for a legitimate subscription to those services. AccountBot reportedly had over 52,000 customers and the two were selling over 217,000 sets of credentials for streaming services, which were stolen through “credential stuffing attacks” where sets of credentials were taken with an automated tool during data breaches.
“Cybercrime is not a victimless crime – this case uncovered stolen account details from millions of people around the world, and we work to investigate these crimes on behalf of those who have had their personal details scammed for someone else’s profit,” Australian Federal Police cybercrime operations case officer Joanna Kondos said in a statement from the Department of Justice.
Joyner was charged with conspiracy to commit computer and access device fraud, trafficking and use of unauthorized access devices, and possession of fifteen or more unauthorized access devices. McMahon was charged with similar offenses in the District Court of New South Wales in Sydney. He was sentenced to two years and two months to be served as an intensive corrections order – time served in the community but supervised by corrective services.