Countless of hijacked Disney+ accounts are being sold online just a few hours after the new streaming service from Disney was launched, according to reports. Numerous online hacking forums are now offering these stolen accounts either for free or for a price ranging between $3 and $11. This is very surprising and disappointing considering that a legit Disney+ subscription just costs $7.
Just within 24 hours after it was officially made available in the market, the latest video streaming service from Disney managed to get 10 million customers. That is despite that the service is only available in select locations such as the US, Canada, and the Netherlands. While it was reported that Disney+’s launch was peppered with a lot of technical issues, only a few customers reported totally losing access to their accounts.
These accounts were taken over by hackers who technically logged them out of their devices and changed the account’s password and lock the legit owner out. The hackers were able to steal the Disney+ account credentials quickly and make them available for free or for sale online. This means that they either gained access by using malware that steals info or through leaked credentials from previous data breaches.
"Thousands of hacked Disney+ accounts are already for sale on hacking forums"https://t.co/NooZJ5yHl4
It's this again https://t.co/4MkmOeeSQ6 — Jarrod Overson @ FSISAC (@jsoverson) November 19, 2019
Various hacking forums now contain thousands of Disney+ accounts available for sale while according to ZDNet some forums are giving these details for free for the hacking community could use and share them with others. HackerOne Technical Program Manager Neils Schweisshelm shared that Disney can still fight account takeovers by utilizing two-factor authentication for its video streaming service. The problem is, passwords are the worst alternative in terms of secure authentication, but at the moment, we have nothing better, Schweisshelm added.
So while the headline makes it sound like Disney+ already got hacked, what happened is people signed up for some recipe website or TV news comment section with the same password she used for Disney+ (and Netflix and Hulu) and hackers are selling those accounts online. — Darryl Mott (@Abstruse) November 19, 2019
Disney told CNBC that it takes privacy and security of its users’ data very seriously and clarified that there is no indication that there is a security breach on Disney+. Disney’s new video streaming service is the latest addition to the growing streaming landscape with the likes of Hulu, Amazon Prime, and Netflix. To make sure that your account is not hacked, change your Disney+ password by visiting DisneyPlus.com/account.
