Disney+ launched with much applause by families excited to stream their favourites shows and movies from the Disney vault that includes Marvel, Pixar, Star Wars, and even National Geographic properties. But not everyone is applauding as it has been reported that thousands of Disney+ customers’ accounts have been hacked and are now up for sale (for as little as $3) on the dark web.
According to ZDNET, customers were logged out of their Disney+ accounts by hackers then their usernames, emails, and passwords associated with the Disney+ accounts were changed, effectively locking the paid customers out. Making things even more frustrating for Disney+ customers are complaints, according to ZDNET and other news media, that Disney+ has not responded to their customers who are asking for help.
In a statement to CNBC, Disney+ said that it “takes the privacy and security of our users’ data very seriously and there is no indication of a security breach on Disney+.” However, screenshots, like the ones published here, show a different story.
It is possible that there was no data breach on Disney+ but rather an unfortunate situation in which hackers used malware that targets devices such as phones and tablets. Hackers could have applied a method called “credential stuffing” as described by Chief Security Officer at IntSights, Etay Maor, who told CNBC that credential stuffing “happens when the attacker automates the process of trying usernames and password on a targeted site, many people use the same password on multiple websites. This allows the attacker to ‘test’ and see if the password from the obtained database was used on the targeted site.”
Hackers have been stealing streaming accounts for years because there is a steady demand on the dark web. To protect yourself, experts say to make sure you do not use the same passwords across different accounts.
This story is still developing.