Police in Australia have arrested a man who allegedly made AU $300,000 (US $211,000) running a website which sold the account passwords of popular online subscription services including Netflix, Spotify, Hulu, PSN, and Origin.

The 21-year-old man was arrested on Tuesday in Sydney, Australia, following an international investigation by the FBI and the Australian Federal Police into the website WickedGen.com.

The WickedGen website bragged that it had over 120,000 users and almost one million sets of account details, offering monthly and yearly membership plans for those who wanted “access to thousands of premium accounts across a huge range of services.”

The account passwords, however, were not obtained via legitimate means. Instead the details were typically obtained through credential stuffing using swathes of usernames and passwords leaked through other data breaches, without the knowledge of their genuine owners.

AFP officers searched the arrested man’s property close to Dee Why beach in Northern Sydney, seizing computer equipment and “various amounts of cryptocurrencies” according to a police statement.

“This arrest is another example of the value and importance of our relationship with the FBI. These partnerships – both internationally and domestically – are critical in law enforcement being able to respond to rapidly-evolving and increasingly global crime types,” said the AFP’s Chris Goldsmid. “Individuals in Australia have had their personal data stolen for the sake of individual greed. These types of offences can often be a precursor to more insidious forms of data theft and manipulation, which can have greater consequences for the victims involved.”

The arrested man has been charged with a number of offences related to cybercrime and the use of false identities.

It’s not uncommon for family members to share a Netflix or Spotify password, but it’s a whole lot more serious stealing a stranger’s account details and using that to watch movies or listen to music – depriving a service and artists of income.

Worse of all, however, has to be those sites which sell stolen account details to anyone who’s prepared to pay.

To help protect your online accounts ensure that you always use hard-to-guess, hard-to-crack passwords, and that you never reuse the same password in more than one place.

And, wherever possible, enable two-factor authentication for an additional layer of security.