Customers of Disney’s new streaming service are frustrated. Disney+ has already had its share of speed bumps since its November 12 launch, including technical issues its first day, and now thousands of its customers are claiming their accounts have been hacked.
Get started on your online Homeland Security degree at American Military University.
So far, the streamer has overcome the glitches, launching its $7 a month service in the U.S., Canada and the Netherlands last week with the studio saying it already has 10 million subscribers.
As reported by Deadline, according to an investigation by tech site Zdnet, the accounts of thousands of Disney+ subscribers have been hacked and put up for sale on the dark web. This understandably causes fear with consumers as no one wants their personal information in the wrong hands. Many customers have claimed to have waited for hours to have their accounts restored, but without resolution.
Allegedly, hackers are selling Disney+ accounts for as little as $3, according to the investigation. In addition, the BBC claims to have found several hacked customer accounts for sale on the dark web.
Disney, however, says there has been no security breach of its streaming platform. “Disney takes the privacy and security of our users’ data very seriously and there is no indication of a security breach on Disney+,” said a Disney+ spokesperson via email. “These incidents most likely occurred as a result of an unauthorized individual re-using a customer’s email/password combination gathered during previous security incidents impacting other companies.”
Disney confirms it has security protocols firmly in place should the company detect suspicious activity on an account. As part of Disney’s standard operating procedures, the company explains the first step is to lock personal accounts if its systems notice suspicious login activity on a user’s online account with The Walt Disney Company.
This is a precaution wherein Disney will lock an account and request a password reset. “If a customer suspects something is going on, they should reach out to customer support immediately,” adds the Disney spokesperson.
Chief Attribution Officer at C3 Metrics, Jeff Greenfield, concurs this is likely due to customers using passwords they’ve already used for other accounts and suggests checking old passwords on sites such as Have I Been Owned, which allows a consumer to enter their email address and see if it was involved in a data breach and even lists which events were involved. “It’s highly unlikely, with all of the breaches in the last 24 months, that your email address has not been compromised. Although Disney+ is a new ‘streamer’, Disney professionals understand the need for both security and disclosure in the case of a breach. As Disney has made no such disclosure, there was no security breach and this is simply the case of consumers utilizing the same username and password they have used on other sites.”
Some customers have also said they’re concerned because they are able to use the same Disney+ login to access their Disney store and Disney theme park accounts. It is advised to immediately update to new, never-before-used passwords. Yes, it’s hard to keep track of all the various passwords to all the accounts we use in our daily lives in this digital world, so perhaps keeping a handwritten list somewhere safe would be helpful.
However, many of these subscribers have said they did use new User IDs and passwords when they set up their Disney+ accounts, but analysts claim these accounts may have been hacked if those passwords have ever been used for different sites. At this point, Disney+ does not have two-factor authentication, which could be helpful against future cyber-attacks.
We live our lives online, with our most personal and sensitive information in cyber space. As in many of Disney’s top movies and shows, the digital age in which we live has its share of bad guys versus good. In this case, Disney is assuring its subscribers there has been no breach in security.
Overall, this issue seems to be under control, says Stephan Paternot, co-founder and CEO of online film finance marketplace Slated. “From the initial reports I’m hearing, it seems very limited in scope with only ‘thousands’ of accounts reported stolen. If that’s true it’s a very small speed bump and won’t affect their growth. And quite frankly, it’s better to get battle-hardened early than much later when the stakes are way higher.”
Online Degrees & Certificates In Cybersecurity
American Military University's online cybersecurity programs integrate multiple disciplines to ensure you gain the critical skills and management practices needed to effectively lead cybersecurity missions – from government or private industry. Learn from the leader. American Military University is part of American Public University System, which has been designated by the National Security Agency and the Department of Homeland Security as a National Center of Academic Excellence in Cyber Defense Education.