My Netflix Account was Hacked … Again

Someone Hijacked My Netflix Account

Several someones, perhaps. They had the gall to upgrade my account from 2 to 4 screens. They also renamed two of my “Who’s Watching” profiles to “Hide” and “hide”. Still not sure what that accomplishes.

This was surprising for a few reasons:

  • Only my wife and I have access to the password for Netflix.
  • I use very strong, random passwords generated by my favorite secure password manager, LastPass.
  • My LastPass account is secured by a very strong password and 2-factor authentication.
  • Any password recovery attempts would send an email to my Gmail account, which requires a strong password and is also protected by 2-factor auth.
  • Three days ago, I received a warning from Netflix because they noted suspicious activity. They told me they reset my password. I then logged in and and changed it myself, again using a strong password generated by LastPass.

Yet yesterday, I received an email from Netflix that my account was upgraded without my intervention.

How To Check If Your Netflix is Hacked

I spent a good 20 minutes batting questions back and forth with Netflix customer service over chat.

We took a look at the My Activity page. You might want to do the same. It shows everything you’ve been watching. If you see anything unusual in there, click the link at the top named See recent account access.

The Recent Account Access page shows you every IP address and country that’s accessing your account.

I had entries from Germany, Italy, and all over the US.


What To Do If Your Netflix is Hacked

Netflix customer support told me to change my password, yet again. I changed my password to a 60-character random value, the maximum allowed.

They also told me to go into My Account > Settings and click on Sign out of all devices.

They assured me that this would solve the problem.

It’s been 2 days, and there’s been no further access.

How Do I Think My Netflix Got Hacked?

I don’t know for sure, there are many possibilities.

My home network could be infiltrated. Hoping it’s not that.

I didn’t always use different, strong passwords for every single service. Years ago, when I signed up for Netflix, I used a pattern where I’d use a non-dictionary word or phrase, and suffix it with the service name. So perhaps it’d be something like “gr8tstuff@netflix”.

I’m guessing my email and a variation of this password showed up in a data breach somewhere. Let’s say it was the Yahoo! breach, which recently leaked 500 million accounts and passwords.

If my account at Yahoo was protected by a password like “gr8tstuff@yahoo”, then a clever hacker would see that I’m following the pattern of a known string followed by the service name. They could easily guess that I might also have a Facebook account protected by “gr8stuff@facebook” and a Netflix account with “gr8tstuff@netflix”.

Or perhaps Netflix was hacked a while back, and my old password was used by many individuals until I changed it recently.

In any case, just changing my password wasn’t enough to kick out the interlopers using my old Netflix password. Their devices still had access.

How To Log Into Netflix on Roku with a Really Long Password

I’d rather sled bare-back on a giant cheese grater than type 60 random characters into a Roku with a remote control. Let alone 3 Rokus.

Roku has Android and iOS apps, and they support typing (and copy-pasting) using your smartphone or tablet keyboard. This is a life-saver.

Here’s the official Roku app in the Google Play Store. Here’s the official Roku app in the iTunes App Store. The iOS app is hard to find using an iPad. You have to change your filter from “iPad Only” apps to “iPhone Only” apps.

Once you have the app talking to your Rokus:

  • Navigate to the Netflix login screen on the Roku. Enter your email.
  • Open the Roku app on your phone or tablet and select the Roku device you want to control. Click the Remote button to open the virtual remote control.
  • In the Roku app, tap the keyboard icon near the bottom. This should open a text box and show the virtual keyboard.
  • Switch to your password manager and highlight/copy your password.
  • Switch back to the Roku app.
  • Paste the password into the text field in the Roku app. Watch all the characters get typed into the Roku.
  • Realize that pasting 60 characters in a row doesn’t work reliably and login is failing.
  • Divide your password up into 6 groups of 10 characters.
  • Flip back and forth between apps pasting 10 characters at a time.
  • Keep doing this until it works.
  • It’s still better than typing 60 random characters.

What Could Netflix Do Better?

  • Require re-authentication to change service levels.
  • Make sure old passwords don’t work for changing service levels.
  • Allow users to restrict viewing to known countries.

Is My Netflix Account Secure Now?

I don’t know. Time will tell.

Mute the microphone in GoToMeeting using a hotkey and AutoHotKey

My favorite Windows desktop automation utility is AutoHotKey. I use it to fix a variety of annoyances and add functions to applications that I wish the original authors had seen fit to add.

I like being able to mute my microphone quickly using a hotkey combination when using a voice chat app. We use GoToMeeting at work. GoToMeeting doesn’t seem to provide any hotkey capabilities for common operations like muting the microphone.

When in use, the Windows GoToMeeting client presents a control interface that contains common controls like mute/unmute, webcam and screen sharing. It looks like this:

GoToMeeting UI

I tried to use the WindowSpy utility that comes with AutoHotKey to get the window and control information for that microphone mute button. However, it doesn’t appear that the mute button is a gettable control.

So I’ll use AutoHotKey’s ControlClick command to click the microphone mute button for me using X,Y coordinates relative to the window container.

Below is my AHK snippet, which I place within my general AutoHotKey.ini file. It maps Ctrl-Alt-X to click that button. Ctrl-Alt-X is a keyboard combo that I can strike one-handed, but which I won’t accidentally invoke otherwise. You can map it to whatever keyboard combination you like.

I admit the solution is brittle. If GoToMeeting changes their UI such that the coordinates of the mute button change, this will break.  They’ve done it before.

Then again, mapping AHK to window and control IDs isn’t exactly rock solid anyway, so these kinds of fixup scripts are always a little brittle.


; Ctrl-Alt-x toggles mute in GoToMeeting
; SetControlDelay is recommended by AHK to
; improve reliability by avoiding holding
; the mouse button down during the ControlClick.
SetControlDelay -1
; Specifying NA avoids marking the target
; window as active and avoids merging its
; input processing with that of the script, yada yada. RTFM.
ControlClick, X50 Y25, ahk_class G2WShareActionButtons,,,, NA

It’s Not Dead Yet – Replacing an Auria EQ276W Power Supply

TL;DR – If you need a replacement power supply for the Auria EQ276W monitor:

  • The manufacturer, EQD, has apparently declared bankruptcy.
  • One reader purchased this replacement by Upbright, but hasn’t reported back as to how it worked out. From the description and reviews, it seems like a good choice.
  • A couple readers of this blog have found this T-Power power supply on Amazon. Be warned, however, that this model is rated for only 5A, which is less than the 6A factory power supply. Readers have reported it works. One reader received a defective unit, and T-Power demonstrated great support and replaced it with a working unit.
  • If you’re electronically inclined, you can purchase any properly rated power supply and solder the old power cable onto the appropriate leads. You’re looking for a 24 volt supply that can handle over 6 amps. Make sure the supply has adequate heat sinks or cooling to handle that much power. Here is one power supply a reader has successfully adapted.

On to the story…

In July 2012, I read Jeff Atwood’s post, The IPS LCD Revolution. Super-high-resolution 27″, no-name computer monitors from Korea for under $400? Yes, please!

The local Microcenter had just one EQD Auria EQ276W left, but it was “open-box”. Someone had returned it. I had them plug it in to prove it worked. I negotiated a bit extra off the already-reduced price, a return guarantee and a 1-year warranty from date of purchase, and took it home.

The monitor expired nine months after its warranty.

When I’d plug in the monitor, the green power supply light would light up, the monitor would come on for an instant, then go off. No amount of fiddling could keep the monitor powered up.

My suspicion was that the power supply was dead. It’s usually the power supply, and within the power supply, it’s usually the capacitors that fail (see my post, It’s Not Dead Yet – Fixing the Onkyo TX-SR606 HDMI board).

Here’s the power supply’s badge. Make/model is “Coming Data LP-2460”.


The power supply puts out 24V at 6A through a 4-pin round connector. You can see the “pin-out” diagram above the “MADE IN CHINA” text. Two positive leads on the left, two negative on the right.

I tested the power supply with a multi-meter and it seemed to still be putting out 24V, but I know that under load, it probably wouldn’t be able to sustain the amps. If I’d had more time, I might have put together some kind of testing circuit to see if I could determine if the supply would fail under load. My discretionary time is limited, so I instead decided to throw money at the problem and get a new one.

I found a couple of sources online that wanted $70 for an exact replacement power supply. $70 is highway robbery for a monitor power supply, IMHO. So I took a flyer on this $30 one from Amazon.

I should not have bought the power supply without seeing a pin-out diagram. Turns out the replacement’s pins are wired differently. They’re off by 90-degrees, meaning the top two pins are positive and the bottom two are negative. That’s a non-starter, quite literally.

The new power supply was also quite a bit lighter than the old one, which is a red flag. It doesn’t contain as much metal to dissipate heat like the old power supply. This could mean even if I get it working, it could burn out or become a fire hazard in short order.

I sat on the problem for a couple weeks until I had some time off work.

I called EQD at their support number and a very helpful tech took my information and said he’d inquire to see if they could send me a replacement power supply out of warranty. So that’s now working in the background.

I decided to take apart the new power supply to see if I might be able to rewire it to correct the pin-out. Nope. There were just two leads in the connector wire, red and black, to feed all four pins. The red would forever be wired to the top two pins, and the black to the bottom two.

It occurred to me that I might be able to re-use the connector wire from the old power supply. I snipped the old connector wire off the old power supply and compared the wiring. Again, just two wires, red and black. But in the old wire, the top left pin didn’t appear to be connected to red. It wasn’t connected to anything I could discern. This was worrisome, as it might mean it was the wire itself that failed. But given the wire hasn’t had any significant stress since I bought the monitor, it seemed unlikely the wire would be faulty. More likely the monitor was pulling all 24V from a single pair of pins.

I soldered the old wire to the new power supply and put everything back together.

Lo and behold, the monitor powered up!

My victory was soured shortly after by several issues.

  1. The new power supply is HOT! Like, “can’t touch it”-hot. Not great, and not worth the fire hazard.
  2. The monitor now hums loudly, which it didn’t before. There’s noise being induced into the monitor. Even with the monitor’s volume set to zero, it hums.
  3. The monitor supports a maximum native resolution of 2560×1440 pixels, but only when connected to a source using DisplayPort or DVI-D Dual-Link connectors. The new laptop I just bought has neither of these kinds of connectors, only HDMI and VGA. So I can’t use the monitor to its fullest potential and instead I’m forced to use up-scaled 1920×1080. I’ve tried some tricks to set custom resolutions using the Intel HD Graphics 4400 configuration app, to no avail. Yuck.

So, an incomplete victory and a long way to go to get this monitor working again. I’ll put the monitor aside for now until either EQD comes through with an OEM replacement power supply, I find another 24V 6A well-designed power supply, or I decide to suck it up and buy an OEM replacement for $70.

Update: June 26, 2014

I ran with the new/modified power supply for a few hours today. It started emitting a toxic burning plastic smell, so I unplugged it. Next stop? The trash.

EQD called back yesterday to tell me they would sell me a new power supply. $45.00 plus $12.35 shipping. The new supply will be rated for 6.25 amps instead of 6.0, so it’s a bit beefier than the original power supply. I took the deal, as I can only find exact OEM replacements on eBay and elsewhere for over $70.

I (somehow) found this 113-page test report for the Coming Data LP line of power supplies. Could be useful if anyone else wants to take a swing at fixing their broken power supply.

Update: July 22, 2014

The replacement power supply arrived last week and the monitor is back in business! The power adapter runs relatively cool, and there’s no hum.

Additionally, I bought my way out of the predicament with my laptop not being able to drive the monitor to its full resolution with this StarTech USB 3.0 to DisplayPort external video card. Not the ideal solution, but as close as I could come without returning the laptop which I otherwise like.

Update: September 18, 2014 

A reader let me know that the (877) 375-1065 phone number for EQD is no longer working. I tried the number myself and confirmed it.

Update: October 2, 2014 

Great sleuthing by an anonymous commenter! The number to reach EQD directly is (949) 246-5270. Guess they got tired of paying the bills from the toll-free number with all of us dissatisfied owners calling.

Update: June 18, 2015

It appears EQD filed for bankruptcy on September 25, 2014. I guess there’s no profit in replacing burned out power supplies. QED, EQD.

Update: June 23, 2015

More praise coming in for the T-Power replacement. A reader received a defective power supply via Amazon, and T-Power replaced it with a working one.

Update: June 23, 2016

My own Auria is still chugging away happily on the replacement power supply I received from EQD before they filed bankruptcy. I’m writing on it right now.