Unauthorized Streaming of Your TV Subscription Service?
Devices No Longer In Your Possession May Still Access Your Accounts
Okay, maybe the rest of the world knows about this, but I didn’t until a few days ago. And at least a couple initial levels of Amazon tech support didn’t recognize the source of the problem either…
To be more specific, the unauthorized streaming discussed here refers to a situation where your legitimate streaming account is being accessed and used by a party not known to you, the streaming account holder. This party can view your watchlist and your list of recently viewed movies, and you can view theirs. It’s an unwillingly shared account where you are the only one paying the subscription fee. The freeloading party almost certainly knows that they are tapped into someone else’s account; however it is possible that you may be unaware that anything is wrong if you don’t access your viewing history.
We subscribe to both Amazon Prime and Netflix streaming accounts, both of which have a recently watched category that displays any past movie or TV program that was played long enough to register. Netflix gets used the most in our house and has this list on its main movie page (at least on my Roku XS – other devices may differ), so it is visible every time you browse the movie lists. Amazon has a recently watched list, but it is under a separate menu item on the Roku and not right in front of you.
We went through a short period where Netflix was showing some movies on the recently watched list that we had never accessed, but I didn’t think anything of it because there had been some other occasional glitches in the movie listings, and in any event the problem went away after a short time.
However, we recently began receiving requests from Amazon to review some movies – clearly movies that we had never seen. And I was quite surprised when I checked out the recently watched list for Amazon Instant Video and found more than a dozen movies and TV series that had been recently watched, but not by us.
The first call to Amazon support led us to believe that our Amazon accounts had been somehow breached – probably through our own computers while we were logged in – and that we should change the Amazon passwords immediately and then log out on the TV and log back in. We did this and thought for certain that it would be fixed.
Of course more unauthorized streaming activity showed up over the next two days, so another call was made to support. This time they were able to detect that the unauthorized streaming had occurred from another state, and that the streaming device was a Sony Bravia device. My main TV is a Sony Bravia, but this immediately reminded me of an identical-model TV that we had owned for nearly two years before it had to be returned to the retailer late last year. It had an unrepairable defect, and I may have forgotten to reset it before it was returned.
This time it was suggested that my current TV go through a power-off reset. After this, the downloadable content was refreshed (to bring back the applications), and the TV was relinked to the Amazon account. I was told that this would surely fix the problem, and short of someone having our passwords there was no way for someone else to get back in. The freeloading streamers would be forced to go through an authorization themselves, requiring a login to an Amazon account to which they had no access.
A couple of days passed, and nothing new showed up, although a couple recently watched TV series swapped places in the watched list, and I was suspicious. Another call to support was made, and indeed unauthorized streaming had occurred in the time since the deauthorizing-reauthorizing steps had been taken – the steps that should have eliminated any chance of it happening again.
But fortunately this time I was talking to someone who vaguely remembered a previous issue similar to this with Sony products, and she suggested that I log onto something a website called Sony Essentials at internet.sony.tv. I too remembered that an account needed to be opened for the first Sony streaming device that I had purchased 3 years earlier. After some floundering, I was able to log in to an account that had been forgotten for some time.
On this site I saw devices listed that had long since left my possession, having been returned for various defects. One of these was the unrepairable TV mentioned above, one was a 70″ R550A fiasco that was defective out of the box, and the third device was a Sony Media player that had been returned because it had an issue with its 1080i output. There was no need for these devices to still be listed, and it was suggested by support that this could be the problem.
This is where I completely lost any understanding of how this system works.
Any attempt to unlink the devices (no longer in our possession) from our Amazon account resulted in all of the Sony devices being unlinked. I had hoped to unlink devices individually to determine which ones were mine, since similar devices were impossible to differentiate on the Sony Essentials page – they were listed in my account by an electronic serial number that did not correlate to my hardware serial numbers.
In the end I had to remove all of the devices from the Sony account and then re-add them from the device screens themselves. Once this was done, I re-linked the TV to our Amazon account, but it was a bit disturbing to see that the Streaming Media Player automatically became linked too. I have no idea why separate devices all link or unlink as one, but I think this was the root of the problem. I would unlink everything and relink only my devices, but I was unknowingly relinking the device in another state at the same time.
So if a Sony device is listed in your Sony account but it is no longer in your possession, it still may be automatically linked to your Amazon account when you link one of the devices that you do still have. And this may be the case with other products and other manufacturers too, but I have no experience with any others. The streaming source doesn’t care whether the streaming player is in your house or has been sold to someone in another state, a fact that has been exploited by those that choose to share passwords to their streaming accounts (against the terms of service, I might add) with friends or relatives.
In short you need to a) remember if your streaming product required the setup of an account similar to the one described here, b) keep it current, and c) reset any network-ready TVs or streaming devices to factory default before you sell or return them.
The month is still young, but I have not had any evidence of unauthorized streaming since the devices were actually removed from my Sony Essentials account. And in the end I do not know which device ended up in the hands of another user and was being used to stream – all of the devices that I now or previously owned displayed as Sony Bravia Device to Amazon Support, but they were unable to identify the specific model.
I don’t know if this potential problem exists with other manufacturers or if they require that the user list active devices in an account, but it does appear to be something to consider if you encounter similar unauthorized streaming. And while it may be obvious that it is not wise to sell or return a personal computer that is loaded with personal data, even a lowly streaming device should probably undergo a factory reset before leaving your hands.
My thanks to Lori at Amazon Support for her patience and insight that I believe may have solved this problem permanently.