Australian Federal Police have announced the arrest of an Australian man who is alleged to have been behind a website selling stolen usernames and passwords for streaming services. The website, called, is alleged to have had 120,000 users and contained over 1 million stolen Hulu, Netflix and Spotify passwords.  The arrest was said to be the result of an investigation launched in May 2018, on information passed on by the FBI.

The 21-year-old Sidney resident, reported by the DailyMail as 21-year-old IT worker Evan Leslie McMahon, is expected to appear in court in Sidney today. He is facing 5 charges relating to unauthorized access, dealing in the proceeds of crime, and false or misleading information. The WikedGen website functioned by utilizing a process referred to as credential stuffing, in which previously stolen and leaked passwords are compiled and sold. During the alleged 2-year operation of the website alleged to have had over 120,000 users and to have made to hundreds of thousands of dollars.

Australian authorities credit cooperation with the FBI as a contributing factor in this arrest. “This arrest is another example of the value and importance of our relationship with the FBI. These partnerships – both internationally and domestically – are critical in law enforcement being able to respond to rapidly-evolving and increasingly global crime types”, said Australian authorities. They went on to say that they are working with the streaming services.

This this is yet another cautionary tale, and a reminder that there is always somebody on the internet with malintent. Although, a break-in to your Netflix account is not exactly catastrophic, this still serves as a reminder that we all need to practice better cyber security. Many users are guilty of getting complacent with passwords, making it easier for crimes such as this to take place. I encourage everyone to get out there and change those old passwords, and keep tabs on your account usage.