DStv Now and Showmax users who have shared their login details or had them exposed may struggle to remove an authorised user from their account once they have access.
This is because it is currently not possible for users to force other devices to log out of their DStv or Showmax account, even after resetting a compromised password.
A DStv customer told MyBroadband about his experience after an unauthorised user gained access to his DStv Now account.
He told MyBroadband he had shared his login details with one close family friend, who was the only person outside his household who had access to the account.
The customer realised something was amiss after he received an email notifying him of a movie rented through DStv Box Office – which was charged to his account.
He checked with his friend and everyone who was able to access his DStv account, and confirmed that no one had rented a movie.
When he opened the DStv Now app on his smartphone, he noticed that several unknown devices had been added to his account and his own smartphone had been removed.
He proceeded to remove the devices he did not recognise and re-added his phone. The following day, however, when he opened the app, he found an unknown device had been added yet again.
He removed the device, and this time he changed the password for his account to try and cut off the unknown user’s access.
This did not work, and when he opened his DStv Now account again, his main profile had been amended to show the message below (offensive language censored).
The customer said he then contacted DStv for help on blocking the attacker from accessing his account.
A consultant told him even after changing his password and removing any devices he was not familiar with, the unauthorised user would still be able to use the account as they remained logged into it.
He then requested that his linked email address be changed in an attempt to kick the user off his DStv Now account.
His login details were changed and amended in 24 hours. However, after logging in with his updated information, the unwanted user was still on his account.
He then asked for his DStv account details to be completely unlinked from the DStv Now platform, so that the “hacker” would no longer have access.
Showmax has similar issue
A subscriber of MultiChoice’s streaming service Showmax recently detailed a similar experience when using this service.
She had shared her Showmax account password with one family member, and an unauthorised user had gained access to her account and allocated several of their own devices.
After spotting the unrecognised devices, she removed them and changed the password. Hours later, however, the unknown devices were once again allocated, as the illegitimate user was not logged out.
She contacted Showmax, who was only able to provide a link via email which she needed to click on to reset the registration limit once it ran out.
This was because she was forced to continuously remove unknown devices and re-add her own, and Showmax users only get 20 device changes per year.
No option to force a user out
MyBroadband contacted MultiChoice for comment on the matter, and its stance on password sharing on DStv Now and Showmax.
It said it was still investigating these cases, but said it had not seen any evidence of system issues.
The company added that Showmax and DStv Now are intended for use within a single household.
“This is one of the reasons that we caution people against sharing login details – even if it’s done with good intentions for a single event. Once those details are out of one’s personal control there’s no way to guarantee their security or stop them being shared more widely,” MultiChoice said.
With regards to not being able to log unwanted users out of an account, MultiChoice said it does not automatically log out all devices when a password was changed.
This is because it does not want to interrupt streaming for any members if they are watching content.
It said it was reviewing this approach and considering a one-time pin (OTP) solution for verifying devices when they are first added.
“If users see unusual activity on their accounts and/or unexpected devices registered to their account, in the first instance we suggest changing the password, and obviously not sharing this information. If a subscriber is still experiencing issues they should contact our customer care team.”