Thousands of Disney+ accounts hijacked

Hackers exploited the video streaming service just hours after it launched

Hackers began hijacking thousands of Disney+ user accounts just hours after the service launched, to resell on hacking forums. 

ZDNet investigation discovered many of the hacked accounts are available for free on hacking forums, or are being sold for $3 to $11 (though a legitimate subscription is only $7). 

Advertisement - Article continues below

After its launch in the US, Canada, and the Netherlands on November 12, Disney+ attracted 10 million customers in the first 24 hours. The traffic impeded video streaming speeds, and many users were unable to access their favorite movies and shows.

Amidst the flood of technical complaints, other users began reporting a total loss of access to their accounts. The reports, posted to social networks like Twitter and Reddit, described online attacks in which hackers logged users out of their accounts on every device and changed the account's email and password to lock the previous owner out.

In some cases, reported anonymously to ZDNet, users reused passwords for their Disney+ accounts, meaning hackers could have gained access by using email and password combinations leaked at other sites. Others, however, used unique passwords, suggesting credentials may have been obtained through keylogging, a program that records a computer user's keystrokes, or info-stealing malware.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

Thousands of hijacked Disney+ accounts are now up for sale, but some are being offered to the hacker community for free using the streaming service's account sharing function.

Other streaming services have been exploited in the same way; Amazon Prime, Hulu, and Netflix accounts are still being bought and sold on hacking forums all the time.

One way Disney+ could beef up security for their users would be to use a multi-factor authentication process to log in. This would prevent attacks relying on password credentials. Users should also create unique passwords for their accounts, but that won't protect them from malware.

Disney did not respond to IT Pro's request for details on the streaming service's current security measures at the time of publication.

Featured Resources

Preparing for long-term remote working after COVID-19

Learn how to safely and securely enable your remote workforce

Download now

Cloud vs on-premise storage: What’s right for you?

Key considerations driving document storage decisions for businesses

Download now

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Transforming productivity

Solutions that facilitate work at full speed

Download now
Advertisement

Recommended

Visit/mobile/google-android/356373/over-2-dozen-additional-android-apps-found-stealing-user-data
Google Android

Over two dozen Android apps found stealing user data

7 Jul 2020
Visit/antivirus/28144/best-antivirus
antivirus

Best antivirus for Windows 10

30 Jun 2020
Visit/security/ethical-hacking/356252/poorly-secured-banking-apps-lead-to-cyber-threats
ethical hacking

Mobile banking apps are exposing user data to attackers

26 Jun 2020
Visit/security/malware/356231/most-malware-came-through-https-connections-in-q1-2020
malware

Most malware came through HTTPS connections in Q1 2020

25 Jun 2020

Most Popular

Visit/business-strategy/careers-training/356422/ibm-job-ad-calls-for-12-year-experience-with-6-year-old
Careers & training

IBM job ad calls for 12-years of experience with six-year-old Kubernetes

13 Jul 2020
Visit/business/business-operations/356395/nvidia-overtakes-intel-as-most-valuable-us-chipmaker
Business operations

Nvidia overtakes Intel as most valuable US chipmaker

9 Jul 2020
Visit/software/development/356420/linux-kernel-to-strip-out-racially-insensitive-terms
Development

Linux kernel to strip out racially insensitive terms

13 Jul 2020