Advertisement

Updated November 19th, 2019 at 12:42 IST

Thousands of Disney Plus accounts compromised, selling on dark web: Report

Shortly after launch, thousands of Disney Plus users were locked out of accounts for suspicious behaviour. This could be a massive data breach for Disney+.

Reported by: Tanmay Patange
Disney+
| Image:self
Advertisement

In what appears to be a massive data breach, thousands of Disney+ accounts were found listed for sale on the dark web. Shortly after launch, thousands of Disney+ users were locked out of their accounts for suspicious behaviour.

Disney+ accounts compromised

Although it is unclear at the moment if this was a coordinated attack on existing Disney+ accounts, chances are previously compromised, leaked credentials available on online hacking forums may have led to this problem. Disney+ itself was not compromised, but people who chose a weak password were the weak link, cybersecurity firm Bitdefender explains.

In most cases, hackers use existing leaked credentials that are readily available on the internet. Since most users fail to reset their passwords even after their account credentials were compromised, hackers can simply try same, existing credentials to access other services.

READ | Disney Plus video streaming service now live, to compete with Netflix

Disney+ went live last week across the US and Canada, featuring thousands of movies and TV episodes from Disney, Pixar, Marvel, Lucasfilm and National Geographic. Disney said 10 million subscribers signed up for Disney+ within a day of launching its new video streaming service.

In an email statement to Republic World, Monique Becenti, channel and product specialist at a cybersecurity firm SiteLock, had this to say:

"User accounts and login information is appealing to hackers because it is a gateway to valuable customer data that could provide access to a wide range of other user accounts associated with your login details, such as banking information or credit card data. In the case of Disney+, some users’ credentials were changed, which resulted in users being locked out of their accounts."

READ | 'Historic' Disney+ streaming launch marred by glitches

"In this case, some hacked accounts are listed for more than the cost of a legitimate account. For bad actors, a hacked account is valuable as more than a way to access streaming content for cheaper than market price. It opens the door to other valuable information, like passwords, that can be used in things like credential stuffing attacks," Becenti added.

How to prevent this

Security researchers recommend two-factor authentication to safeguard their online accounts.

"People who are interested in signing up for streaming services such as Disney+ should ensure that two-factor authentication is offered to better protect their login credentials and personal data," Becenti said.

The price tag associated with accounts being sold on the dark web can vary due to a variety of factors, such as the type of personal data cybercriminals can access, but generally, they can be sold for upwards of hundreds of dollars," she added.

Advertisement

Published November 19th, 2019 at 12:23 IST

Your Voice. Now Direct.

Send us your views, we’ll publish them. This section is moderated.

Advertisement
Advertisement

Trending Quicks

A poster of Crew
a few seconds ago
Bengaluru Blast: Rameshwaram Cafe Customer Demands Refund for Meal Not Served
a few seconds ago
"We never celebrated Holi after the incident (the murder), I felt that today is Holi for us,” Alka Rai, wife of formerBJP MLA Krishnanand Rai said.
3 minutes ago
PM Modi & BillGates
8 minutes ago
Sunita Kejriwal urged people to send ‘messages of support’ to Delhi CM
12 minutes ago
LSG Captain KL Rahul After Loss in IPL 2024 1st Match
19 minutes ago
Gautam Gambhir gets into a fight with Virat Kohli
25 minutes ago
Noida Police Slaps Rs 80,500 Fine On 2 Girls For Creating 'Vulgar Holi Reels' On Moving Scooter And Delhi Metro
25 minutes ago
China stocks rise
29 minutes ago
Advertisement
Advertisement
Advertisement
Whatsapp logo