According to a piece by ZDNet, thousands of Disney+ accounts that have been stolen from their legitimate owners are already for sale on hacking forums. This comes only days after the much-anticipated streaming service launched, indicating that the platform didn’t do a great job in proactive security. As it seems, hackers were looking forward to the launch of Disney+ as much as the fans, as we’re talking about a new platform that comes with an amazing collection of content. In the first 24 hours, more than 10 million people rushed in to subscribe.
Many of them are now heading on social media channels like Twitter and Reddit to express their surprise and rage with the fact that hackers have managed to steal their accounts already.
https://twitter.com/brandoncult/status/1194312851306864640
#distwitter has anyone’s @disneyplus account been hacked? My friend’s was; hackers changed email and password. Now she’s completely blocked from her 3-year prepaid Disney+ account. She’s been on hold for >2 hours
— HopeandLight (@Travel4vr) November 12, 2019
Not even been half of a week and my dad’s Disney+ account has ALREADY been hacked.
Great security there @disneyplus @Disney. Unbelievable. #DisneyPlus
— Jesse (@CaptnJesturd) November 15, 2019
However, some accuse those victims of using weak passwords or using credentials that they have used elsewhere. This means that hackers could have merely followed common stuffing attack methods. In this situation, there are many who report that they used strong and unique passwords, so some of the stolen credentials may be the product of key-logging malware. Although nothing can be said with certainty right now, the Disney+ platform could do a lot better by offering account protection systems like the "industry standard" two-factor authentication.
So, considering that the subscription to Disney+ costs $6.99 per month, and $69.99 per year, how much could the hackers be selling the stolen accounts for? The answer ranges between $3 and $11, depending on the pre-paid period. However, paying for a year-long account in the dark market, for example, would be an idiotic thing to do, as the account is bound to be frozen after the real user reports the takeover. Disney+ is allowing account sharing, for now, so the system will not consider red flags that arise from fingerprint-based protection. If your account has been stolen, the only way to get it back is to report it immediately.
Whatever is really going on, Disney+ will definitely need to ramp up their efforts in account security. ZDNet’s investigation reveals that some accounts are offered for free, which indicates that the purpose of some hackers is to expose the streaming service and urge them to strengthen its security. For a streaming service launched in 2019 by a company with virtually endless financial resources and market domination plans, the failure in this field is remarkable no matter the fact that we’re still at the beginning.
Can you report anything similar to the above? Feel free to share the details with us in the comments down below, or join the discussion on our socials, on Facebook and Twitter.