CyberHappenings logo
Home Browse Watchlists Experimental About

Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

CINEMAGOAL piracy operation dismantled after mass account takeovers via stolen streaming auth codes

First reported
Last updated
1 unique sources, 1 articles

Summary

Hide ▲

Italian authorities have dismantled the CINEMAGOAL piracy operation that used a rogue app to harvest and redistribute authentication codes for major streaming platforms such as Netflix, Disney+, and Spotify. The operation involved over 100 searches, seizures in Italy, France, and Germany, and the identification of 70+ resellers. The system evaded platform blocks by proxying through legitimate services using virtual machines and false identities, causing an estimated €300M in damages. Authorities have begun issuing penalties to identified subscribers and continue analyzing seized data to trace financial flows and additional actors.

Timeline

  1. 23.05.2026 17:23 1 articles · 1h ago

    CINEMAGOAL piracy infrastructure dismantled across Italy, France, and Germany

    Italian Guardia di Finanza coordinated with Eurojust to execute Operation "Tutto Chiaro", conducting 100 searches, seizing servers in France and Germany, and dismantling the CINEMAGOAL streaming piracy ecosystem. The operation targeted an app that harvested and redistributed authentication codes from legitimate streaming platforms via virtual machines and fraudulent accounts, causing an estimated €300M in damages. 200 officers participated, and penalties have already been issued to 1,000 identified subscribers.

    Show sources
    Open in new tab

Information Snippets

  • The CINEMAGOAL app was distributed to users and connected directly to legitimate streaming platforms using stolen authentication/decryption codes fetched from foreign servers every 3 minutes.

    First reported: 23.05.2026 17:23
    1 source, 1 article
    Show sources

  • Operators created fraudulent accounts on Sky, DAZN, Netflix, Disney+, and Spotify using false identification data to source valid subscription credentials for redistribution.

    First reported: 23.05.2026 17:23
    1 source, 1 article
    Show sources

  • The infrastructure used virtual machines in Italy to capture and redistribute credentials, masking user IPs and maintaining higher streaming quality than typical piracy streams.

    First reported: 23.05.2026 17:23
    1 source, 1 article
    Show sources

  • During Operation "Tutto Chiaro", authorities executed 100 searches, seized servers in France and Germany containing the app’s source code and decoding functions, and involved 200 financial police officers.

    First reported: 23.05.2026 17:23
    1 source, 1 article
    Show sources

  • The piracy operation had over 70 resellers selling annual subscriptions priced between €40 and €130, with payments made via cryptocurrency or foreign bank accounts under fake names.

    First reported: 23.05.2026 17:23
    1 source, 1 article
    Show sources

  • Authorities estimate €300M in unpaid subscription revenues were generated by CINEMAGOAL, and have already issued penalties to 1,000 identified subscribers ranging from €154 to €5,000.

    First reported: 23.05.2026 17:23
    1 source, 1 article
    Show sources

  • An associated IPTV service known as "pezzotto" was also dismantled during the same operation.

    First reported: 23.05.2026 17:23
    1 source, 1 article
    Show sources