Cyber Security

IT security manager who ignored 847 password reset emails suddenly very interested in cybersecurity after own Netflix account compromised

By ·

A senior IT security manager who has routinely deleted password reset reminders since 2019 has discovered a renewed passion for digital safety protocols following unauthorised access to his Netflix account over the weekend.

Martin Hendry, 43, who serves as Head of Information Security at Midlands-based logistics firm Harwell Transport Solutions, had archived or ignored precisely 847 corporate security emails over the past four years, including 312 marked as urgent. He has spent the last seventy-two hours conducting what colleagues describe as an increasingly frantic investigation into how someone in Wolverhampton has been watching Love Is Blind on his Premium subscription.

The breach occurred on Saturday evening when Hendry noticed his viewing history included episodes he had not watched, along with the creation of a new profile called ‘Dave’. He immediately changed his password, enabled two-factor authentication, reviewed all connected devices, and sent a 2,400-word email to Netflix customer services demanding to know what additional security measures the company intended to implement.

This stands in marked contrast to his response earlier in the week when the company’s IT department warned of a potential phishing attack targeting senior management. Hendry deleted that email after reading the subject line, later explaining he had assumed it was someone trying to sell him something.

The integrity of my viewing recommendations has been fundamentally compromised. Someone has watched three episodes of a baking programme I would never choose. The algorithm now thinks I am a different person entirely.

Jennifer Okonkwo, IT support officer at Harwell Transport Solutions, confirmed that Hendry has not changed his work password since his initial setup in March 2021, despite monthly reminders and one in-person visit to his office. She noted that he uses the same password for his email, network access, and the company’s financial systems, all of which contain commercially sensitive information about the movement of industrial packaging materials across the European Union.

When informed last September that his work account had been flagged for suspicious login attempts from Romania, Hendry reportedly asked whether IT could just make the warnings stop appearing because they were interrupting his workflow. The same afternoon, he spent forty-five minutes on the phone with his mobile provider discussing whether his personal phone number might have been leaked following an unsolicited text message about PPI claims.

Hendry has since created a spreadsheet monitoring all Netflix activity on his account, which he updates every four hours. He has also installed three separate security applications on his personal devices and changed his Netflix password six times in three days.

His work password remains Harwell2021. When asked about this discrepancy, Hendry explained that corporate systems were different because they had IT departments to deal with security issues, whereas his Netflix account was a personal matter requiring his direct attention and vigilance.

The company’s annual cybersecurity training, which Hendry is responsible for overseeing, remains incomplete. He has not yet finished the mandatory modules, last logging in during August 2023 when he watched four minutes of a video about password hygiene before closing the browser. His Netflix viewing history, however, is fully up to date.

More from Cyber Security

IT security manager spends entire morning explaining what ‘phishing’ is to same director who fell for obvious scam in 2019, 2021, and last Tuesday

IT department celebrates successful phishing test by forwarding results to entire company in insecure spreadsheet

IT director who ignored seventeen password reset emails faces mandatory cybersecurity awareness training

Leave a comment

Your email address will not be published. Required fields are marked *