Thousands of Disney+ accounts hacked, put on sale on dark web

A number of people have reported being locked out of their accounts

Disney+ Canada

Update 20/11/19: Disney has said that breaches at previous companies are to blame for the hacked accounts due to users recycling passwords for several services.

Thousands of Disney+ accounts have been hacked and put up for sale on the dark web, according to an investigation from ZDNet. 

The streaming service launched on November 12th in Canada, the United States and the Netherlands.

People took to social media to complain about being locked out of their Disney+ accounts on the service’s launch day. They received emails that their account information had changed.

Hours after the service launched, accounts were being sold on the dark web for as little as $3 USD (approximately $4 CAD). A subscription to Disney+ costs $8.99 CAD per month.

The stolen accounts on the dark web displayed the type of subscription the user signed up for and when the account expires.

In a statement issued to MobileSyrup, a Disney spokesperson said that “Disney takes the privacy and security of our users’ data very seriously and there is no indication of a security breach on Disney+.”

A cybersecurity expert told BBC News that hackers were likely able to access the accounts because people use the same password for many different accounts. Hackers are able to lift a password from a different site that was previously hacked and use it to access Disney+ accounts.

Disney+ also does not have two-factor authentication, which is when a separate password is sent after a login to verify identify.

Users have reported waiting on telephone and online chat lines for hours, while many say that the problems have not been sorted out, as reported by BBC News.

The streaming service faced issues on launch day as several users reported technical problems with the platform.

Image credit: ZDNet

Source: ZDNet, BBC News