Within hours of the service's launch, thousands of Disney+ user accounts were compromised by hackers.
The video streaming service launched last week, amassing over 10 million subscribers on its first day alone. However, hours after its launch, users started to report that their accounts had been compromised.
Many users stated that they had been locked out of their pre-paid accounts, with hackers changing the account’s email, password and account information – effectively taking over the account.
Users took to Twitter and Reddit to raise their concerns, with one user stating: “…apparently hundreds of accounts were hacked and sold online. My account got hacked & email/password changed, thankfully I cancelled my subscription before the hack.”
Other users reported coming across random names and profiles linked to their account after logging in.
Many of the compromised Disney+ accounts are currently being offered for sale online on hacking forums for as little as $3, despite the legitimate Disney+ subscription costing $7 a month.
The BBC also found numerous customer accounts for sale on the Dark Web.
Although users have been waiting on online chats and telephone lines for hours, many have stated that Disney has yet to solve the issue.
A spokesman said: “Disney takes the privacy and security of our users’ data very seriously and there is no indication of a security breach on Disney+.”
In the statement, Disney states that users’ details have been stolen another way, such as by spyware on users’ devices.
Lead researcher with CyberInt, Jason Hill, commented that many accounts were stolen due to people using the same passwords for multiple sites. Hackers can steal someone’s password from a site that has previously been hacked, and try it on a new site such as Disney+.
“Whilst many may consider having a unique password for each online service to be difficult to manage, password managers simplify this process and allow you to generate and securely store unique difficult-to-guess passwords,” he added.
This is not the first on-demand video streaming service to be hacked. Other services, including Netflix, HBO Now and Hulu, have also been targeted by hackers.
Users have been advised to use unique passwords for their accounts, as well as to avoid answering suspicious emails from unknown senders.
Niels Schweisshelm, technical program manager at HackerOne said:
“This research should act as a reminder to all consumers about the importance of securing online accounts with strong, complex passwords. The trouble is, passwords are the worst option for secure authentication, but we don’t yet have anything better. For the foreseeable future, people will have to continue making passwords work for them, whether that is using personal algorithms to keep track of them or using password managers.
“Organizations can do their part by implementing and pushing or even mandating two-factor authentication so that even if passwords are breached, the damage is contained. However, I don’t think we’ll see easy, small-scale theft like that of streaming service accounts brought under control anytime soon.”
The post #Privacy: Hacked Disney+ accounts are being sold for as little as $3 appeared first on PrivSec Report.