Thousands of Disney+ accounts hijacked

Hackers exploited the video streaming service just hours after it launched

Hackers began hijacking thousands of Disney+ user accounts just hours after the service launched, to resell on hacking forums. 

ZDNet investigation discovered many of the hacked accounts are available for free on hacking forums, or are being sold for $3 to $11 (though a legitimate subscription is only $7). 

After its launch in the US, Canada, and the Netherlands on November 12, Disney+ attracted 10 million customers in the first 24 hours. The traffic impeded video streaming speeds, and many users were unable to access their favorite movies and shows.

Amidst the flood of technical complaints, other users began reporting a total loss of access to their accounts. The reports, posted to social networks like Twitter and Reddit, described online attacks in which hackers logged users out of their accounts on every device and changed the account's email and password to lock the previous owner out.

In some cases, reported anonymously to ZDNet, users reused passwords for their Disney+ accounts, meaning hackers could have gained access by using email and password combinations leaked at other sites. Others, however, used unique passwords, suggesting credentials may have been obtained through keylogging, a program that records a computer user's keystrokes, or info-stealing malware.

Thousands of hijacked Disney+ accounts are now up for sale, but some are being offered to the hacker community for free using the streaming service's account sharing function.

Other streaming services have been exploited in the same way; Amazon Prime, Hulu, and Netflix accounts are still being bought and sold on hacking forums all the time.

One way Disney+ could beef up security for their users would be to use a multi-factor authentication process to log in. This would prevent attacks relying on password credentials. Users should also create unique passwords for their accounts, but that won't protect them from malware.

Disney did not respond to IT Pro's request for details on the streaming service's current security measures at the time of publication.

Featured Resources

Humility in AI: Building trustworthy and ethical AI systems

How humble AI can help safeguard your business

Download now

Future of video conferencing

Optimising video conferencing features to achieve business goals

Download now

Leadership compass: Privileged Access Management

Securing privileged accounts in a high-risk environment

Download now

Why you need to include the cloud in your disaster recovery plan

Preserving data for business success

Download now

Recommended

Hackers could trick scientists into making deadly toxins
hacking

Hackers could trick scientists into making deadly toxins

30 Nov 2020
Phishing attacks surge ahead of Black Friday and Cyber Monday
Security

Phishing attacks surge ahead of Black Friday and Cyber Monday

17 Nov 2020
Hackers target flaws in PBX system to hijack VoIP calls
hacking

Hackers target flaws in PBX system to hijack VoIP calls

6 Nov 2020
Wisconsin Republican Party allegedly loses $2.3 million to hackers
hacking

Wisconsin Republican Party allegedly loses $2.3 million to hackers

30 Oct 2020

Most Popular

46 million Animal Jam accounts leaked after comms software breach
Security

46 million Animal Jam accounts leaked after comms software breach

13 Nov 2020
macOS Big Sur is bricking some older MacBooks
operating systems

macOS Big Sur is bricking some older MacBooks

16 Nov 2020
Huawei Mate 40 Pro 5G review: A tragically brilliant Mate
Mobile Phones

Huawei Mate 40 Pro 5G review: A tragically brilliant Mate

26 Nov 2020