The Italian Guardia di Finanza has dismantled CinemaGoal, a piracy network that operated with an unusual model: it stole credentials from legitimate subscriptions to platforms like Netflix, Disney+, or Spotify and recycled them every three minutes. The fraud, which affected thousands of users, has caused estimated losses of 300 million euros. The first 1,000 identified subscribers face fines of up to 5,000 euros each.
The technical system: credential recycling every 180 seconds 🔄
The network operated through automated scripts that accessed legitimate accounts, extracted the credentials, and rotated them among the network's clients every three minutes. This cycle prevented blocks by the platforms, which detect simultaneous accesses from disparate locations. The illegal packages were sold for between 40 and 130 euros per year, well below the official cost of subscriptions. The infrastructure relied on cloud servers and proxies to hide the digital trail.
The subscription you shared with 300 strangers 😱
For 40 euros a year, CinemaGoal clients gained access to a carousel of accounts that changed every three minutes. Basically, they paid to watch the end of a series and, the next minute, they were already watching another user's playlist. The most curious thing is that some buyers believed they had found the ultimate bargain, unaware that their own Spotify account could be playing in a stranger's shower in Palermo.