Italy disrupts CINEMAGOAL piracy app that stole streaming auth codes

Recorded: May 23, 2026, 2:58 p.m.

Original

News

Featured
Latest

Microsoft warns of new Defender zero-days exploited in attacks

GitHub confirms breach of 3,800 repos via malicious VSCode extension

Hackers bypass SonicWall VPN MFA due to incomplete patching

Flipper One project needs community help to build open Linux platform

Italy disrupts CINEMAGOAL piracy app that stole streaming auth codes

Skip the small talk—learn new languages in this Babbel app deal

Netherlands seizes 800 servers of hosting firm enabling cyberattacks

Former US execs plead guilty to aiding tech support scammers

Tutorials

Latest
Popular

How to access the Dark Web using the Tor Browser

How to enable Kernel-mode Hardware-enforced Stack Protection in Windows 11

How to use the Windows Registry Editor

How to backup and restore the Windows Registry

How to start Windows in Safe Mode

How to remove a Trojan, Virus, Worm, or other Malware

How to show hidden files in Windows 7

How to see hidden files in Windows

Webinars
Downloads

Latest
Most Downloaded

Qualys BrowserCheck

STOPDecrypter

AuroraDecrypter

FilesLockerDecrypter

AdwCleaner

ComboFix

RKill

Junkware Removal Tool

Deals

Categories

eLearning

IT Certification Courses

Gear + Gadgets

Security

VPNs

Popular

Best VPNs

How to change IP address

Access the dark web safely

Best VPN for YouTube

Forums
More

Virus Removal Guides
Startup Database
Uninstall Database
Glossary
Send us a Tip!
Welcome Guide

HomeNewsLegalItaly disrupts CINEMAGOAL piracy app that stole streaming auth codes

Italy disrupts CINEMAGOAL piracy app that stole streaming auth codes

By Bill Toulas

May 23, 2026
10:23 AM
0

Italian authorities have dismantled a piracy ecosystem centered around the CINEMAGOAL app that provided access to various streaming platforms, including Netflix, Disney+, and Spotify.
Unlike typical IPTV service providers that openly market themselves online and expose their operations, CINEMAGOAL's approach was stealthier, as it used an app that customers installed on their devices.
During the large-scale anti-piracy operation called “Tutto Chiaro” (All Clear), Italian law enforcement conducted 100 searches across the country and seized materials that could help investigators identify involved individuals, as well as determine the amount of illegal profits.
According to Guardia di Finanza, the law enforcement agency operating under the Ministry of Economy and Finance, the operators of CINEMAGOAL likely made millions of euros from audiovisual piracy, unauthorized computer access, and computer fraud.
The CINEMAGOAL app connected directly to the legitimate streaming platforms and authenticated using valid decryption codes fetched from foreign servers.
The system used virtual machines in Italy to capture valid authentication/decryption codes from legitimate subscriptions every 3 minutes and redistribute them to customers. These legitimate subscriptions were opened using false identification data on Sky, DAZN, Netflix, Disney+, and Spotify.
Authorities highlight that CINEMAGOAL not only evaded blocks but also offered superior streaming quality, as users streamed content directly from the service rather than receiving a pirate stream, and masked customers’ real IP addresses.
"A highly advanced and previously unseen system that not only bypassed the security blocks implemented by the platforms, but also increased viewing quality, reducing the possibility that end users could be ‘intercepted’" by the control system," Guardia di Finanza explains.
“Access to the aforementioned application, in fact, did not involve the use of a connection directly attributable to a specific IP address, thereby providing greater shielding for the end user.”
In an action coordinated by Eurojust, police forces seized CINEMAGOAL servers in France and Germany that contained the app’s source code and functions for decoding protected streams. 200 financial police officers participated in the operation.
The illegal streaming business had more than 70 resellers, who sold annual subscriptions between €40 and €130 ($46-$150).
Payments were made using cryptocurrency or to foreign bank accounts and accounts registered under fake names.
It is estimated that CINEMAGOAL has caused damages of around €300 million ($347M) in unpaid subscription revenues over the time of its operation.
Authorities are now analyzing seized material to identify all involved parties, including end users, and estimate total profits.
They have already identified many subscribers and sent penalties ranging from €154 to €5,000 ($179-$5,800) to the first 1,000 of them.
The investigation into CINEMAGOAL is still in a preliminary phase, as specified by Guardia di Finanza.
During the same law enforcement action, an IPTV service known as “pezzotto” was also identified and dismantled.

The Validation Gap: Automated Pentesting Answers One Question. You Need Six.

Automated pentesting tools deliver real value, but they were built to answer one question: can an attacker move through the network? They were not built to test whether your controls block threats, your detection rules fire, or your cloud configs hold.This guide covers the 6 surfaces you actually need to validate.
Download Now

Related Articles:
Netherlands seizes 800 servers of hosting firm enabling cyberattacksPolice seize “First VPN” service used in ransomware, data theft attacksINTERPOL ‘Operation Ramz’ seizes 53 malware, phishing serversUK fines water supplier $1.3M for exposing data of 664k customersGM agrees to $12.75M California settlement over sale of drivers’ data

CINEMAGOAL
Italy
Legal
Netflix
Piracy

Bill Toulas
Bill Toulas is a tech writer and infosec news reporter with over a decade of experience working on various online publications, covering open-source, Linux, malware, data breach incidents, and hacks.

Popular Stories

GitHub confirms breach of 3,800 repos via malicious VSCode extension

Microsoft warns of new Defender zero-days exploited in attacks

Exploit released for new PinTheft Arch Linux root escalation flaw

Sponsor Posts

Managing Shadow AI: 5 Steps to Secure Employee AI Use Without Killing Productivity

Protect Your Business from Ecommerce Fraud

Patch management isn't enough. See why privilege is defining security risk today.

Overdue a password health-check? Audit your Active Directory for free

33% Rise in Healthcare Credential Theft in 2025: What you need to know

Upcoming Webinar

Main Sections

News
Webinars
VPN Buyer Guides
SysAdmin Software Guides
Downloads
Virus Removal Guides
Tutorials
Startup Database
Uninstall Database
Glossary

Community

Forums
Forum Rules
Chat

Useful Resources

Welcome Guide
Sitemap

Company

About BleepingComputer
Contact Us
Send us a Tip!
Advertising
Write for BleepingComputer
Social & Feeds
Changelog

Username

Password

Remember Me

Not a member yet? Register Now

Reporter

Help us understand the problem. What is going on with this comment?

Spam

Abusive or Harmful

Inappropriate content

Strong language

Other

Read our posting guidelinese to learn what content is prohibited.

Submitting...
SUBMIT

Italian authorities successfully dismantled a piracy ecosystem centered around the CINEMAGOAL application, which was utilized to obtain access to various streaming platforms including Netflix, Disney+, and Spotify by stealing legitimate streaming authentication codes. This operation, known as “Tutto Chiaro,” involved extensive law enforcement action, including 100 searches across the country, to identify perpetrators and ascertain the scale of illegal profits generated through audiovisual piracy, unauthorized computer access, and computer fraud.

The CINEMAGOAL system operated stealthily, distinguishing itself from traditional IPTV services by using a mobile application installed directly on user devices, rather than overtly marketing operations. Technically, the system functioned by utilizing virtual machines located in Italy to capture valid authentication and decryption codes from legitimate subscriptions every three minutes, which were then redistributed to customers. This process allowed CINEMAGOAL to bypass security blocks implemented by the streaming platforms while simultaneously offering superior streaming quality and masking the actual IP addresses of the end users, thereby reducing the possibility of being intercepted by control systems.

The scope of the illegal enterprise was significant, involving more than 70 resellers who marketed annual subscriptions ranging from forty euros to one hundred thirty euros. Financial transactions were conducted using cryptocurrency or through bank accounts registered under false identities. Authorities estimate that the CINEMAGOAL operation caused damages amounting to approximately three hundred million euros, or three hundred forty-seven million dollars, in unpaid subscription revenues during its operational period.

In a coordinated effort involving Eurojust, police forces seized CINEMAGOAL servers located in France and Germany, which contained the application's source code and the functional mechanisms for decoding protected streams. Furthermore, the investigation also led to the dismantling of another associated IPTV service known as “pezzotto.” Law enforcement is currently analyzing the seized materials to identify all involved parties, including end users, and to estimate the total illicit profits, having already issued penalties ranging from fifteen hundred fifty-four to five thousand euros to the first one thousand identified subscribers. The investigation remains in the preliminary phase as specified by the Guardia di Finanza. Bill Toulas, a technology writer and infosec news reporter, covered this development.