The Disney+ video streaming service was hijacked by hackers just a few hours after it launched on November 12. So far, approximately 4,000 hacked Disney+ account credentials are listed as products for sale on hacking forums. The prices of these accounts are from $3 to $11. Even though Disney+ video streaming only provides service in the United States, Canada, and the Netherlands, more than 10 million people became its customers in the first 24 hours after it launched. However, its popularity was accompanied by a lot of technical issues. Many users are not able to stream movies and shows, and some users are not even able to access their accounts.
According to Harry (@Harry8__), one of the victims in this Disney+ account hacking:
“Disney + launch has been absolutely horrible. Their customer service is no help at all and apparently hundreds of accounts were hacked and sold online. My account got hacked & email/password changed, thankfully I cancelled my subscription before the hack.”
Just like what we tried to warn people in our prior post Do Not Use These 32 Passwords!. Not only Disney+ account holders, but also Amazon Prime account holders, Hulu account holders, and Netflix account holders should at least use unique passwords in order to prevent the most common attack relying on password reuse. In addition, Disney should have implemented multifactor/two-factor authentication (MFA/2FA) because logging in based on username and password only is the account security plan that should not be applied in a company like Disney. MFA/2FA can provide an extra security step by sending out a one-time use PIN code to the user via email or text message. So that the log-in user can be verified if he/she is the real account holder in two or more authentic factors.
Contact LIFARS Immediately if Your
Organization was Hit with a Data Breach