This is another stark reminder that you are never safe online! 2019 is breaking records left and right in terms of data breaches, and Disney+, which just launched on November the 12th just added to the 10 billion breached data so far. Disney+ passwords are stolen and sold on forums.
Looks like hackers didn’t waste any time and just hours after the service launched they got to work. The stolen accounts and passwords are now sold or offered for free on different hacker forums. If you signed up for Disney+ you better hurry up and change your password now.
Although Disney+ Launched only in the US, Canada and the Netherlands in the first round it managed to rack up around 10 million customers in its first 24 hours. A hugely successful launch just in terms of signups probably thanks to the exclusive titles like The Mandalorian and all Disney classics that you know and love. Read How to Watch The Mandalorian Online From Anywhere In The World but make sure you pick a unique password and use two-factor authentication to protect your account.
Disney+ was also struggling to keep up with the interest and people signing up so the servers went down for periods of time and people were not able to log in to use the service or not able to sign up in the first place.
It didn’t take long for people to start reporting that hackers have taken over their accounts and changing their passwords, locking them out completely. People started posting in Reddit and Twitter that they were unable to log in and the support of Disney+ was completely helpless in resolving the issue. Seems like Disney+ passwords were stolen in just a few hours.
Disney+ passwords stolen and sold for up to $11
ZDNet reported that passwords stolen from Disney+ were sold on hacker forums from $3 per account to as much as $11 — which is more than what a legitimate Disney+ account costs from Disney, which is $7. ZDNet also posted a few screenshots of ads selling Disney+ accounts.
Surprisingly, some hackers offered the accounts for free
Disney+ has denied any data breaches and has stated:
“We have found no evidence of a security breach. Billions of usernames and passwords leaked from previous breaches at other companies, pre-dating the launch of Disney+, are being sold on the web. We continuously audit our security systems and when we find an attempted suspicious login we proactively lock the associated user account and direct the user to select a new password. We have seen a very small percentage of users in this situation and encourage any users who are having these kind of issues to reach out to our customer support so we can help them.”
According to Insidethemagic, Disney+ users are suffering from the same thing some Netflix and Hulu users. Hackers are sending emails that claim subscribers’ accounts have been locked or saying their credit card needs to be updated in order to gain access to their account. They also use usernames and passwords that have been stolen from other sites and try them on platforms like Disney+ to try to find a match that works.
Whatever the case is, Disney+ has started with all sorts of issues and headaches. It’s important to learn from this and remind everyone NOT TO REUSE passwords for different sites. This might be the more convenient method but it looks like its just a matter of time your personal data gets hacked so be prepared. If a site offers two-factor authentication please use it.
Other ways to keep yourself safe online
When you sign up to a service or a website you trust your data with them. But how can you make sure you keep yourself as protected as possible when online?
One of the most vulnerable points of attack is a public WiFi network. Every time you connect to a public WiFi – in the gym, in airports, in Starbucks or in any other care or restaurant you run the risk of getting your data stolen. Never log into any private sites or do banking when using public networks without a VPN.
A VPN encrypts your data so even if anyone is trying to “listen” to your web traffic they are unable to. A VPN also blocks malicious sites, has DNS leak protection and Network Kill-Switch and can bypass any geo-restrictions.