Computer Security

Subterms

    Latest story

    150 Shares169 Views

    Met Opera’s Website and Box Office Are Back, 9 Days After Cyberattack

    by

    Hackers had left the Met, the largest performing arts organization in the United States, unable to sell tickets as it tries to recover from the pandemic.Nine days after an audacious cyberattack struck the Metropolitan Opera, forcing its website offline, paralyzing its box office and hobbling its ability to sell tickets, the company announced on Thursday that those services had been restored.“After suffering a cyberattack that temporarily impacted our network systems, we’re pleased to announce that the Met is now able to process ticket orders through our website and in person at our box office,” the Met said in a message on its website, which reassured customers that no credit card information had been stolen during the attack.The resumption of ticket sales at the Met, the largest performing arts organization in the United States, marked the conclusion of what the company said was the first major cyberattack in its 139-year history. The attack, coming during the usually lucrative holiday period, knocked out the company’s ticketing system at a time when it would typically handle about $200,000 in sales each day.The targeting of the Met, which dealt the company a blow as it struggles to lure audiences back to prepandemic levels, underscored that even venerable cultural institutions are not immune to cyberattacks in the digital age.“This attack froze everything,” said Peter Gelb, the Met’s general manager, who said that it had wreaked havoc, undermining the electronic payment system for the company’s 3,000 full- and part-time employees and hampering its ability to order sets for upcoming productions. “The teachable moment of this attack is that if someone wants to break into your system, it is hard to stop them.”Despite the disruption, the Met never missed a performance, continuing to stage its grandiose old-school production of Verdi’s “Aida,” with its huge cast and towering sets, and the new Kevin Puts opera “The Hours,” starring Renée Fleming, Kelli O’Hara and Joyce DiDonato and inspired by Michael Cunningham’s Pulitzer Prize-winning 1998 novel. Without its regular ticket system, the opera house offered $50 general admission tickets for seats that usually cost several times that much, through a website set up by Lincoln Center. Gelb said Thursday that prices would return to normal levels.Gelb said it appeared that the attack has been orchestrated by an organized criminal gang, and that the F.B.I. was aware of the attack.Cybersecurity experts said the attack had all the hallmarks of a ransomware attack, a form of modern-day piracy that has become a global scourge in recent years, as attackers target local governments, businesses, hospitals and, now, cultural institutions.Experts said the crime is widespread. In some cases victims receive an email with a link or attachment that contains software that encrypts files on their computer and holds them hostage until they pay a ransom.While the attack had added to the Met’s woes, Gelb said the company was undeterred. Paraphrasing a line from Terence Blanchard’s opera “Fire Shut Up in My Bones,” which was performed at the Met last year, he said: “We bend but we don’t break.” More

    More stories

    • 163 Shares99 Views

      in Music

      A Cyberattack Shuts the Met Opera’s Box Office, but the Show Goes On

      by

      After hackers knocked out the ticket-selling system of the Met, the largest performing arts organization in the United States, the company decided to sell $50 general admission seats.It had been a full week since a brazen cyberattack had hobbled the Metropolitan Opera, taking its website offline and paralyzing its box office, and hundreds of opera lovers were waiting patiently in line Tuesday evening, fluctuating between anxiety and anticipation.The curtain was set to rise on the Met’s grandiose old-school production of Verdi’s “Aida” in 45 minutes, and 300 audience members had managed to score the sold-out $50 general admission tickets that the cyberattack had forced the company to offer as a workaround until its computer systems are fully restored.Some had feared a “running of the bulls” situation, with opera lovers jockeying for prime seats that ordinarily cost as much as $350 apiece. But the human choreography amid the technological mayhem was fairly seamless. The general-admission hordes, who had bought their tickets on a hastily assembled page on Lincoln Center’s website, were directed to side corridors of the Met’s 3,800-seat auditorium. There, ushers handed them improvised tickets, their seat numbers handwritten in black magic marker, distributed on a first-come-first-served basis.“It’s frightening that a cyberattack can happen at a place like the Met,” said Mike Figliulo, 42, a technology director on Broadway, as he marched triumphantly to his $50 seat in row M of the orchestra.The attack on the Met, the largest performing arts organization in the United States, knocked out a ticketing system that typically handles about $200,000 in sales each day at this time of year, and took down the company’s payroll system, forcing it to cut checks by hand for some of its 3,000 full- and part-time employees. It was the latest major disruption for a company struggling to lure audiences back to prepandemic levels, and it hit just as the lucrative holiday season was getting underway.“With this attack, it feels like we have entered the ninth circle of hell,” Peter Gelb, the Met’s general manager, said Tuesday during a pause in a rehearsal for an upcoming English-language holiday production of “The Magic Flute” that is popular with families. “It adds strain on a company that has suffered innumerable strains and challenges since the pandemic from which we are still recovering.”The Met’s outspoken support for Ukraine — it presented “A Concert for Ukraine” last season; helped arrange a tour by the newly formed Ukrainian Freedom Orchestra; and parted ways with one of its reigning prima donnas, the Russian soprano Anna Netrebko, after she declined to distance herself from President Vladimir V. Putin of Russia — led to speculation that Russia could be behind the cyberattack.Gelb tamped down that theory, saying that the attack appeared to be the work of an organized criminal gang. He said the Met had informed the F.B.I. of the attack, and that he hoped that the box office would be running as early as Wednesday.“I can understand why there might be conjecture that Russia is behind this, given the Met’s strong condemnation of Putin and defense of Ukraine,” he said. “But we don’t believe Putin is masterminding cyberattacks on opera companies. And if he is, that is a good reason that the Russians are losing the war.”The seating of people with $50 general admission tickets went smoothly. Jeenah Moon for The New York TimesGelb declined to elaborate on who was behind the attack. But cybersecurity experts said that, given how long it was taking the Met to get back online, the attack bore the hallmarks of an increasingly prevalent type of modern-day piracy that has targeted businesses, local governments, hospitals and even hotels. The weapon? A type of software known as ransomware.The crime is as simple as it is effective. In some cases victims receive an email with a link or attachment that contains software that encrypts files on their computer and holds them hostage until they pay a ransom.Ransomware has become a global scourge. A ransomware attack this fall disrupted the government of Suffolk County, on Long Island, forcing it largely offline. Five years ago, one of the largest ransomware attacks in recent memory left thousands of computers at companies in Europe, universities in Asia and hospitals in Britain crippled or shut down — in some cases, paralyzing hospital equipment before patients were poised to go into surgery.Justin Cappos, a cybersecurity expert at New York University’s department of computer science and engineering, said hackers who carry out such attacks frequently operate in Russia and Eastern Europe, and often demand a ransom in Bitcoin, a digital currency that is hard to trace. A Bitcoin payment also can’t be rescinded once it is made.He said that the targeting of cultural institutions like the Met was surprising, given that they typically have limited financial resources. Nevertheless, he said, the attackers might have been motivated by the audacity of targeting such a global and glittering brand.“Every organization needs to care about cybersecurity, even cultural organizations like the Met,” Cappos said. This attack, he added, underscored that “nobody is safe.”The Met — which never missed a curtain last year, even when the Omicron variant shut down wide swaths of Broadway, dance performances and concerts — has managed to proceed with all of its performances through the current cyberattack, staging Verdi’s “Rigoletto” and “Aida” and its new production of Kevin Puts’s “The Hours,” starring Renée Fleming, Kelli O’Hara and Joyce DiDonato, which was simulcast as planned to movie theaters around the world on Saturday as part of the Met’s Live in HD series.With war raging in Europe, record inflation and the continuing effects of the pandemic, cultural institutions across the world, including the Met, have been struggling economically. But Gelb said the Met was resilient.“Our lives have been turned upside down,” he added. “But we’ll get through it.”The operagoers who went to the Met on Tuesday evening were transported back to a grand operatic vision of ancient Egypt, with soaring arias and choruses telling a story of doomed love and divided loyalties. One scene stealer was an unruly pony named Sandy who stomped its hoof and shook its head aggressively during the larger-than-life Triumphal Scene, eliciting nervous laughter from the audience.The audience was able to forget, at least temporarily, that it was at the center of an opera house under siege. More

    • 88 Shares99 Views

      in Music

      The Surveillance Apparatus That Surrounded Britney Spears

      by

      An account by a former employee of the security team hired by Ms. Spears’s father created the most detailed portrait yet of the singer’s life under 13 years of conservatorship.Britney Spears’s father and the security firm he hired to protect her ran an intense surveillance apparatus that monitored her communications and secretly captured audio recordings from her bedroom, including her interactions and conversations with her boyfriend and children, according to a former employee of the security firm.Alex Vlasov, the employee, supported his claims with emails, text messages and audio recordings he was privy to in his nine years as an executive assistant and operations and cybersecurity manager for Black Box, the security firm. He came forward for a new documentary by The New York Times, “Controlling Britney Spears,” which was released on Friday.Recording conversations in a private place and mirroring text messages without the consent of both parties can be a violation of the law. It is unclear if the court overseeing Ms. Spears’s conservatorship was aware of or had approved the surveillance. Mr. Vlasov’s account, and his trove of materials, create the most detailed portrait yet of what Ms. Spears’s life has been like under the conservatorship for the past 13 years. Mr. Vlasov said the relentless surveillance operation had helped several people linked to the conservatorship — primarily her father, James P. Spears — control nearly every aspect of her life.“It really reminded me of somebody that was in prison,” said Mr. Vlasov, 30. “And security was put in a position to be the prison guards essentially.”In response to detailed questions from The Times, a lawyer for Mr. Spears issued a statement: “All of his actions were well within the parameters of the authority conferred upon him by the court. His actions were done with the knowledge and consent of Britney, her court-appointed attorney, and/or the court. Jamie’s record as conservator — and the court’s approval of his actions — speak for themselves.”Alex Vlasov, a former employee of Black Box Security, decided to share his information after hearing Ms. Spears’s speech to the court in June. He said a surveillance operation had helped several people linked to the conservatorship control nearly every aspect of Ms. Spears’s life.Victor Tadashi SuarezEdan Yemini, the chief executive and founder of Black Box Security, also did not respond to detailed questions. In a statement, his lawyer said, “Mr. Yemini and Black Box have always conducted themselves within professional, ethical and legal bounds, and they are particularly proud of their work in keeping Ms. Spears safe for many years.”Ms. Spears’s lawyer, Mathew S. Rosengart, said in a statement: “Any unauthorized intercepting or monitoring of Britney’s communications — especially attorney-client communications, which are a sacrosanct part of the legal system — would represent a shameful violation of her privacy rights and a striking example of the deprivation of her civil liberties.”“Placing a listening device in Britney’s bedroom would be particularly inexcusable and disgraceful, and corroborates so much of her compelling, poignant testimony,” Mr. Rosengart said. “These actions must be fully and aggressively investigated.”Mr. Vlasov said his superiors had often told him that the severe surveillance measures were necessary to properly protect Ms. Spears and that she wanted to be in the conservatorship. He said he had felt compelled to share his information after hearing Ms. Spears’s comments to the court in June, when she excoriated the judicial system, her conservators and her managers. She called the arrangement abusive.Ms. Spears’s father, who is known as Jamie, was appointed conservator in 2008, shortly after Ms. Spears was twice taken to the hospital by ambulance for involuntary psychiatric evaluations amid a series of public struggles and concerns around her mental health and potential substance abuse. He was given broad control over her life and her estate, including the power to retain round-the-clock security for Ms. Spears.Mr. Spears and others involved in the conservatorship have insisted that it was a smooth-running operation that worked in the best interest of his daughter. But in the wake of Ms. Spears’s comments in court in June, the judge authorized her to choose her own lawyer, Mr. Rosengart, for the first time. Mr. Rosengart swiftly filed to remove Mr. Spears as the conservator of the singer’s estate. After consistently arguing that there were no grounds for his removal, Mr. Spears abruptly asked the court on Sept. 7 to consider whether to terminate the conservatorship entirely.Mr. Rosengart’s and Mr. Spears’s requests are expected to be considered at a hearing scheduled for Sept. 29.The security companyThe security team’s role has long been a mystery.Mr. Yemini, the Black Box Security founder, was born in Israel, and is described on a company website as having a background in the Israeli Special Forces. The Spears account helped Black Box grow from a tiny operation to a prominent player in the celebrity security industry. It counts the Kardashians, Miley Cyrus and Lana Del Rey among its clients.Mr. Vlasov joined Black Box in 2012 as a 21-year-old college student, excited by the opportunity to master the security industry. He started as Mr. Yemini’s assistant and grew into a role that encompassed wide responsibilities over operations and digital management. “I did everything from write his messages, write his emails, to be on all phone conversations in order to take notes for him,” Mr. Vlasov said. “I was the only person at Black Box that knew everything, really.”He generally worked at Black Box’s office in the Woodland Hills area of Los Angeles and seldom saw Ms. Spears in person, he said. But through the surveillance apparatus and his close work with Mr. Yemini and his colleagues, Mr. Vlasov said, he had a uniquely comprehensive view of her life.Edan Yemini with Ms. Spears in 2009. Mr. Yemini is the chief executive and founder of Black Box Security.AlamyMr. Vlasov said that Ms. Spears’s phone had been monitored using a clever tech setup: The iCloud account on her phone was mirrored on an iPad and later on an iPod. Mr. Yemini would have Mr. Vlasov encrypt Ms. Spears’s digital communications captured on the iPad and the iPod to send to Mr. Spears and Robin Greenhill, an employee of Tri Star Sports & Entertainment Group, the former business manager for the singer’s estate.This arrangement allowed them to monitor all text messages, FaceTime calls, notes, browser history and photographs.“Her own phone and her own private conversations were used so often to control her,” Mr. Vlasov said.In response to questions about the surveillance operation, a lawyer for Tri Star Sports & Entertainment Group said: “These allegations are not true. Ms. Greenhill was only involved in Ms. Spears’ security to the extent Ms. Spears requested her involvement, as well as Tri Star’s role of issuing the payments to the security company.” The lawyer did not respond to follow-up questions specifically asking whether Ms. Greenhill had ever received copies of or reports on the contents of Ms. Spears’s text communications.Mr. Vlasov said the reason Mr. Yemini had given for monitoring Ms. Spears’s phone was to protect her from harm and bad influences. But Mr. Spears monitored his daughter’s text-message conversations with her mother, her boyfriend, her close friends and even her court-appointed lawyer, according to screenshots of messages provided to The Times.Mr. Vlasov’s accounts of how Ms. Spears’s life was controlled by the security team were confirmed by others with firsthand knowledge of the conservatorship who requested anonymity. They said Ms. Spears essentially could not leave her home without the presence of security personnel, who would inform Mr. Yemini, Mr. Spears and Ms. Greenhill of the singer’s movements via group chat.Ms. Spears with her father in 2013. As part of the conservatorship, Mr. Spears was given broad control over his daughter’s life and her estate, including the power to retain round-the-clock security.RS-Jack/X17online.comAs conservator of the estate, Mr. Spears controls his 39-year-old daughter’s nearly $60 million fortune and has the authority to employ workers for her.Mr. Vlasov said Mr. Yemini and another Black Box employee had once given him a portable USB drive and asked him to delete the audio recordings on it.“I had them tell me what was on it,” Mr. Vlasov said. “They seemed very nervous and said that it was extremely sensitive, that nobody can ever know about this and that’s why I need to delete everything on it, so there’s no record of it. That raised so many red flags with me and I did not want to be complicit in whatever they were involved in, so I kept a copy, because I don’t want to delete evidence.”The drive, he discovered, contained audio recordings from a device that was secretly placed in Ms. Spears’s bedroom — more than 180 hours of recordings. Mr. Vlasov said he had thought the timing was curious because some of the recordings were made around the time that a court investigator visited Ms. Spears to perform a periodic review in September 2016.The New York Times reviewed the recordings to confirm their authenticity.When asked why he had continued working with Black Box despite harboring so many concerns, Mr. Vlasov said he had feared the amount of power Mr. Yemini and others had, and the possibility that they could damage his job prospects in the industry.After Ms. Spears’s impassioned remarks to the court in June, Mr. Vlasov said, his mind-set changed.Choosing to leave Black Box in April was the best decision of his life, he said, and he believes going public is the right thing to do. “I don’t know what’s going to happen tomorrow, but I’ve never regretted it,” he said.‘She did not want to be there’Ms. Spears spent time at a mental health treatment facility in 2019 — a stay that appears to have been a turning point in the conservatorship. Who exactly sent her there, for what reason and whether she went on her own volition are in dispute.Mr. Spears and others involved with the conservatorship have said that she consented to go to the facility and that she was aware that no one could force her to stay. Conservators are not allowed to force a conservatee into a mental health treatment facility against their will.“She did not want to be there,” Mr. Vlasov said. “I heard this from multiple people, including Robin and Jamie themselves when they would talk on the phone to Edan. I overheard multiple conversations where they knew Britney didn’t want to be there.”The Times obtained text messages that Ms. Spears had sent from the facility that said she felt she was there involuntarily and that she could not leave, noting that security personnel were at the door at all times. Ms. Spears told a judge later in 2019 that she had felt she was forced into the facility, according to a transcript of the closed-door hearing. She repeated that claim to the court publicly in June.Mr. Vlasov shared digital communication that showed how Ms. Spears, while in the facility, had tried to hire a new lawyer to replace her court-appointed lawyer — and that Mr. Spears and others had monitored that effort.Ms. Spears with Robin Greenhill, an employee of Tri Star Sports & Entertainment Group. Mr. Vlasov said that Ms. Spears’s phone had been monitored using a clever tech setup: The iCloud account on her phone was mirrored on an iPad and an iPod.AlamyThe prospective lawyer asked Ms. Spears if he could come talk to her. Ms. Spears responded that she didn’t think the security personnel would let her see him. “They will say no for sure to me seeing a new lawyer on my side,” she said, and proposed that he tell the security personnel that he was a plumber instead. The lawyer declined that plan. “You have to be approved by the court before I hire you, but I don’t understand how can I know I want to hire you unless I meet with you first?” Ms. Spears wrote.“Yes, it’s a Catch-22 situation,” the lawyer said.In a text message sent a week after the initial exchange with the lawyer, Ms. Spears said that Mr. Spears had taken away her phone after finding out that she had been talking to a lawyer.The lawyer confirmed to The Times that the correspondence provided by Mr. Vlasov was accurate.Mr. Vlasov recalled that “one of the biggest ‘aha,’ red-flag moments” in his tenure at Black Box had happened in August 2020, when Ms. Spears’s court-appointed lawyer, Samuel D. Ingham III, sent an email to Mr. Spears’s lawyers and Mr. Yemini asking for written confirmation that Ms. Spears’s new phone was not being monitored.“Ethically, I need to get written confirmation that no one other than my client can access her calls, voice-mail messages or texts directly or indirectly,” Mr. Ingham wrote in the email, which was reviewed by The Times.Geraldine Wyle, a lawyer for Mr. Spears, responded: “Jamie confirms that he has no access to her calls, voice-mail messages, or texts.”Ms. Spears in Paris for her “Piece of Me” tour in 2018. The following year, the singer spent time at a mental health treatment facility — a stay that appears to have been a turning point in the conservatorship.Marc Piasecki/Getty ImagesIn response to questions from The Times about the exchange, Ms. Wyle said, “Mr. Spears’ actions have always been proper, and in strict conformity with the law, and the orders of the Los Angeles Superior Court.”Mr. Ingham did not respond to requests for comment.Mr. Spears was particularly interested in Ms. Spears’s boyfriends, Mr. Vlasov said. The security team tailed her boyfriends in a continuing effort to look for incriminating behavior or other evidence that they might be a bad influence on Ms. Spears, he said.“There was an obsession with the men in Britney’s life,” Mr. Vlasov said.Her boyfriends were required to sign strict nondisclosure agreements, Mr. Vlasov said. An agreement signed in 2020 by her boyfriend at the time, Sam Asghari, who is now her fiancé, technically forbade him to post on social media about Ms. Spears without Mr. Spears’s prior written approval.In a confidential report by a court investigator that was obtained by The Times, the investigator wrote in 2016 that Ms. Spears had told her that she could not befriend people, especially men, without her father’s approval and that the men she wanted to date were “followed by private investigators to make sure their behaviors are acceptable to her father.”Mr. Vlasov said that Black Box Security had billed more than $100,000 in 2014 for investigating and surveilling Ms. Spears’s boyfriend at the time. The boyfriend, David Lucado, told The Times that he had been aware at the time that he was being followed by private investigators, and he said he had called 911 twice because of dangerous tailing situations. He said he believed he might have been more of a target because he was encouraging Ms. Spears to understand her legal rights under the conservatorship.‘Free Britney’ draws attentionAnother object of intense interest among those controlling Ms. Spears’s life, Mr. Vlasov said, was the so-called Free Britney movement, a growing cohort of fans that in recent years has brought heightened attention to the conservatorship case. Black Box Security sent investigators to infiltrate the group at a rally in April 2019 and to develop dossiers on some of the more active participants.“Undercover investigators were placed within the crowds to talk to fans to ID them, to document who they were,” Mr. Vlasov said. “It was all under the umbrella of ‘this is for Britney’s protection.’” He shared surveillance photographs with The Times that corresponded to photos posted by Free Britney participants that day.Megan Radford, a member of the so-called Free Britney movement, was classified as “a high risk due to her creation and sharing of information.”via Megan RadfordBlack Box prepared a “threat assessment report” dated July 2020 that included background information on several fans within the movement, including people who had popular podcasts and social media accounts like “Britney’s Gram,” “Eat, Pray, Britney,” “Lawyers for Britney” and Diet Prada. One activist, described as a young mother in Oklahoma, Megan Radford, was classified as “a high risk due to her creation and sharing of information.”An email from August 2020 sent by Mr. Yemini discussed the possibility of surveilling Kevin Wu, a fan who runs the prominent Twitter account Free Britney L.A.“They were extremely nervous, because they had zero control over the Free Britney movement and what’s going to come out of it,” Mr. Vlasov said.The fees for surveilling Ms. Spears’s boyfriend and the Free Britney participants, Mr. Vlasov said, were billed to Ms. Spears’s estate. More

    • 125 Shares99 Views

      in Movies

      MoviePass Deceived Users So They’d Use It Less, F.T.C. Says

      by

      Federal regulators detailed tactics the company, which settled accusations against it, used to try to make its most active users go to the movies less.MoviePass, the failed subscription service that promised unlimited moviegoing for $9.95 a month, agreed on Monday to settle Federal Trade Commission accusations that it knowingly deceived customers, making the service difficult to use, and exposed their personal data.In the process, the F.T.C. revealed the elaborate obstacles that MoviePass executives made the most active users overcome, including forcing them to reset their passwords and setting unannounced limits on their accounts.The proposed settlement bars MoviePass’s parent company, Helios and Matheson Analytics, and its top executives, Mitchell Lowe and Theodore Farnsworth, from misrepresenting their business and data security practices. Any businesses controlled by them must also use information security programs.“MoviePass and its executives went to great lengths to deny consumers access to the service they paid for while also failing to secure their personal information,” Daniel Kaufman, the F.T.C.’s acting director of the Bureau of Consumer Protection, said in a statement.Those “great lengths,” as detailed in the F.T.C.’s complaint, revealed that top MoviePass executives were not only aware of efforts to keep users from going to the movies, but led the execution of schemes they knew to be deceptive.The service, which began in 2011, attracted more than three million subscribers after it offered a deal in 2017 that seemed too good to be true: unlimited movies in theaters for $9.95 a month, or less than the cost of a single ticket in many locations. Its marketing materials said it was good for “any movie, any theater, any day,” including “all major movies” and “all major theaters.”The company hoped that by subsidizing full-price tickets for millions of users, it could negotiate bulk prices from theaters and find other ways to make money from its users. That never happened, and executives, looking to cut costs, focused on trying to make its most active users less active, according to the F.T.C. complaint.In one effort, the company invalidated the passwords of the 75,000 subscribers who used the service most often, while falsely claiming “we have detected suspicious activity or potential fraud” on their accounts, the F.T.C. said. Many of the people who tried to reset their passwords were unable to because of technical problems; the app would not accept their email address, they would not receive a password-reset email, or the email would link to a nonworking website, the F.T.C. said.When users complained, customer service would take weeks to respond, the F.T.C. said. About half of the users successfully changed their password within a week, the F.T.C. said.When an executive warned that the practice would catch the attention of federal regulators and state attorneys general, Mr. Lowe responded in writing “OK I get it,” suggesting the company try it with “2 percent of our highest volume users,” the F.T.C. said..css-1xzcza9{list-style-type:disc;padding-inline-start:1em;}.css-3btd0c{font-family:nyt-franklin,helvetica,arial,sans-serif;font-size:1rem;line-height:1.375rem;color:#333;margin-bottom:0.78125rem;}@media (min-width:740px){.css-3btd0c{font-size:1.0625rem;line-height:1.5rem;margin-bottom:0.9375rem;}}.css-3btd0c strong{font-weight:600;}.css-3btd0c em{font-style:italic;}.css-w739ur{margin:0 auto 5px;font-family:nyt-franklin,helvetica,arial,sans-serif;font-weight:700;font-size:1.125rem;line-height:1.3125rem;color:#121212;}#NYT_BELOW_MAIN_CONTENT_REGION .css-w739ur{font-family:nyt-cheltenham,georgia,’times new roman’,times,serif;font-weight:700;font-size:1.375rem;line-height:1.625rem;}@media (min-width:740px){#NYT_BELOW_MAIN_CONTENT_REGION .css-w739ur{font-size:1.6875rem;line-height:1.875rem;}}@media (min-width:740px){.css-w739ur{font-size:1.25rem;line-height:1.4375rem;}}.css-1dg6kl4{margin-top:5px;margin-bottom:15px;}#masthead-bar-one{display:none;}#masthead-bar-one{display:none;}.css-12vbvwq{background-color:white;border:1px solid #e2e2e2;width:calc(100% – 40px);max-width:600px;margin:1.5rem auto 1.9rem;padding:15px;box-sizing:border-box;}@media (min-width:740px){.css-12vbvwq{padding:20px;width:100%;}}.css-12vbvwq:focus{outline:1px solid #e2e2e2;}#NYT_BELOW_MAIN_CONTENT_REGION .css-12vbvwq{border:none;padding:10px 0 0;border-top:2px solid #121212;}.css-12vbvwq[data-truncated] .css-rdoyk0{-webkit-transform:rotate(0deg);-ms-transform:rotate(0deg);transform:rotate(0deg);}.css-12vbvwq[data-truncated] .css-eb027h{max-height:300px;overflow:hidden;-webkit-transition:none;transition:none;}.css-12vbvwq[data-truncated] .css-5gimkt:after{content:’See more’;}.css-12vbvwq[data-truncated] .css-6mllg9{opacity:1;}.css-1rh1sk1{margin:0 auto;overflow:hidden;}.css-1rh1sk1 strong{font-weight:700;}.css-1rh1sk1 em{font-style:italic;}.css-1rh1sk1 a{color:#326891;-webkit-text-decoration:underline;text-decoration:underline;text-underline-offset:1px;-webkit-text-decoration-thickness:1px;text-decoration-thickness:1px;-webkit-text-decoration-color:#ccd9e3;text-decoration-color:#ccd9e3;}.css-1rh1sk1 a:visited{color:#333;-webkit-text-decoration-color:#ccc;text-decoration-color:#ccc;}.css-1rh1sk1 a:hover{-webkit-text-decoration:none;text-decoration:none;}In a separate effort, the company required the 20 percent of subscribers who used the service most often, about 450,000 people, to submit photos of their physical movie tickets for approval through the app, telling them they had been “randomly selected” for the program, the F.T.C. said. Those who failed to properly submit the tickets more than once would have their accounts canceled, the F.T.C. said.The automated verification system often did not work on common mobile operating systems, and the software failed to recognize many user-submitted photos, the F.T.C. said. The program blocked thousands of people from using the service, the F.T.C. said.Mr. Lowe personally chose how many people would be required to submit photos, the F.T.C. said.In a third effort described by the commission, the company created a “trip wire” by imposing a limit on how often certain users could use the service, but did not disclose the limit in its advertising or terms of use. The company grouped subscribers based on how often they used the service, then, once the group hit an unannounced limit, the people in the group would be unable to use the service, regulators said. The users often did not know they had been cut off until they arrived at the theater, expecting to use their subscriptions, they said.The trip wire was typically set on users who went to more than three movies per month, the F.T.C. said. Mr. Lowe set the thresholds, it said.In addition, a data breach in 2019, which was previously reported, exposed the personal and financial information, including credit card numbers, of more than 28,000 customers, the F.T.C. said.After three million people signed up — many more than executives had expected — the company perpetually struggled to bring in enough cash to offset costs. In April 2018, the company disclosed to regulators that it had been losing about $20 million a month for several months. In July 2018, it borrowed $5 million after it said it could not pay its bills and experienced a service interruption, but the company insisted its service remained stable.In August of that year, MoviePass limited users to three movies a month from a rotating list of films. In January 2019, it increased prices and installed new leadership, promoting Khalid Itum from executive vice president.All the while, customer complaints piled up, and analysts were skeptical the business could continue. They were right: The company shut down in September 2019.It was always a nuisance for theater operators, who thought the low price set by MoviePass would devalue their product.“In AMC’s view, that price level is unsustainable and only sets up consumers for ultimate disappointment down the road if or when the product can no longer be fulfilled,” the theater chain said in 2017 when MoviePass announced its $10 monthly rate. More

    • 88 Shares169 Views

      in Television

      Netflix Tests a Clampdown on Password Sharing

      by

      AdvertisementContinue reading the main storySupported byContinue reading the main storyNetflix Tests a Clampdown on Password SharingThe company said a feature was being tested with a limited number of users, a move that might signal a broader crackdown on the common practice of password sharing among family and friends.Netflix has been asking some users of the popular streaming service to verify that they live with the holder of the account.Credit…Jenny Kane/Associated PressMarch 14, 2021Updated 11:43 a.m. ETWant to watch “The Queen’s Gambit” or “Lupin”? If you’ve been borrowing a Netflix password from a family member or friend, you may now have to pay up.Netflix has started testing a feature that could prod users who are borrowing a password from someone outside their household to buy a subscription.The company said the feature was being tested with a limited number of users. It may signal a broader clampdown on the common practice of sharing passwords among relatives and friends to avoid paying for the popular streaming service.“The test is designed to help ensure that people using Netflix accounts are authorized to do so,” the company said in a statement.Some users began to notice the feature recently when they logged onto a shared Netflix account and saw a message on their screen that read, “If you don’t live with the owner of this account, you need your own account to keep watching.”To continue watching, these users were asked to either verify that it was their account by entering a code that was sent to them by text or email, or join with their own account to Netflix. They also had the option to complete the verification process later.A basic Netflix subscription, which allows customers to watch on one screen at a time, costs $8.99 a month. Customers who pay more can watch on additional screens simultaneously.Netflix declined to discuss its new feature, previously reported by The Streamable, an industry news site, in detail. But industry analysts said it might be part of an effort to enforce Netflix’s frequently overlooked terms of use, which state that its service and content “are for your personal and noncommercial use only and may not be shared with individuals beyond your household.”The test also appears to be more of a nudge to buy a subscription than an iron-fisted crackdown. For example, someone who was borrowing a password from a friend or family member could ask for the verification code that had been sent by Netflix.“I’m not convinced this is an all-out assault,” said Michael D. Smith, a professor of information technology and marketing at Carnegie Mellon University in Pittsburgh. “It could be a warning shot over the bow of some pirates.”But, he said, merely reminding people that password sharing is not allowed could persuade some people to buy subscriptions, rather than continue to use the ones that are paid for by their friends or relatives.“Even minor signals that piracy isn’t acceptable could change people’s behavior,” he said.The test comes as Netflix viewership has drastically risen during the coronavirus pandemic.The company said in January that it had added 8.5 million customers in the fourth quarter, for a total of 203.6 million paying subscribers by the end of 2020. The company has about 66 million customers in the United States and anticipated adding six million total subscribers in the first three months of this year.Netflix had earlier hinted that it was looking at ways to stop password sharing. Gregory K. Peters, the company’s chief product officer, said during a call to review the company’s earnings in October 2019 that Netflix was “looking at the situation.”“We’ll see, again, those consumer-friendly ways to push on the edges of that,” Mr. Peters said, adding that the company had “no big plans to announce at this point.”Professor Smith said the company clearly loses a significant amount of revenue through people using the service but not paying for it.“Sharing your password is piracy, and it could be costing Netflix a good deal of money if people who would otherwise subscribe are using their friends’ passwords, so that’s no doubt a problem,” he said. “The real challenge for them is finding who the password sharers and who the legitimate accounts are.”Beyond the business concerns, requiring users to enter a code that is texted or emailed could also have security benefits, said Lorrie Faith Cranor, a professor of computer science and engineering and public policy at Carnegie Mellon.Hackers could in theory change the settings of a customer’s Netflix account and start charging the person more, she said. They could also gain access to information that could help them break into other accounts, especially if the customer uses the same password for multiple accounts. “That’s a very common thing,” she said.But requiring a user to enter a code that is sent via text or email — a process known as two-factor authentication that is used by many social media and banking apps — makes it harder for attackers to break in.“I’m not sure it’s a huge benefit,” Professor Cranor said, “but there is some benefit.”AdvertisementContinue reading the main story More