It is not even a week after the official launch of Disney +, but thousands of accounts have already been hacked from the streaming service. Hacking started according to tech site ZDNet a few hours after the official launch.
Accounts are resold
On different hacker forums the hacked accounts are resold for amounts between 3 and 11 dollars, while Disney itself asks for 7 dollars a month. Often there is a credit card attached to the accounts, which makes it possible for rogue hackers to easily conclude an annual subscription and then resell it.
For the time being it does not seem to be due to a data breach. The hackers gain access to the accounts by mixing and matching email addresses and passwords. This is especially easy if the user uses the same email address and password for multiple websites. That is why the advice is and remains: use a different password for every website. Yet people with a unique password have also become victims, which can mean that there is malware.
A good solution that Disney itself can offer is a two-step verification, where users log into their account using a unique code. This is currently not yet possible.
Users with hacked accounts indicate that Disney is not very helpful in recovering accounts or payments.