Thousands of Disney+ users claim that they have been hacked after signing up on the video-streaming platform. An investigation by ZDNet revealed that thousands of account details of Disney+ users were for sale on the dark web.
Soon after the service was launched on November 12, several users reported of having technical issues with their accounts, with many users saying that they were locked out.
Based on the investigation by ZDNet, it was revealed that the account info of some users that signed up on Disney+ were on sale on the dark web within hours after the service went live.
The hackers were known to be reportedly selling user info for as less as $3 dollars online – keep in mind that the Disney+ subscription cost alone is $7.
Several subscribers whose accounts were stolen have reported that their emails and passwords were changed. While users state that they used unique passwords for accessing the streaming platform, a lead cybersecurity researcher Jason Hill is under the opinion that people may have had used the same passwords across different platforms.
DISNEY+ HAS BEEN OPEN FOR LIKE 10 HOURS AND MY ACCOUNT HAS ALREADY BEEN HACKED pic.twitter.com/YBv6CfwTlh
— brandon ʕ·ᴥ·ʔ (@brandoncult) November 12, 2019
#distwitter has anyone’s @disneyplus account been hacked? My friend’s was; hackers changed email and password. Now she’s completely blocked from her 3-year prepaid Disney+ account. She’s been on hold for >2 hours
— cat+dog=happyhome (@Travel4vr) November 12, 2019
Not even been half of a week and my dad’s Disney+ account has ALREADY been hacked.
— Jesse (@CommandrBlitzer) November 15, 2019
Also, some users are concerned by the fact that they use their Disney+ credentials for accessing other products such as the Disney store and recreation parks as well.
Technical difficulties combined with long customer-service wait times have led to disgruntled Disney+ customers to take to social media to vent their frustration. Disney apologized in a tweet saying that it was experiencing an “overwhelming response.”
It is to be noted that Disney+ is strongly denying any security vulnerabilities on its end. “Disney takes the privacy and security of users' data very seriously and there is no indication of a security breach on Disney+” said the company's spokesperson.
Based on the aforementioned statement, it can be speculated that the passwords may have been stolen through other means such as spyware on user devices and reusing login information that is obtained elsewhere. It's worth noting that, as of now, Disney+ does not have a two-factor authentication.
Launched as a response to the video-streaming mammoth Netflix, Disney+ hosts a myriad of video-content such as Disney movies, short films, TV series, and films of the Marvel as well as Star Wars franchises. Currently available in countries the USA, Canada, and the Netherlands, nearly ten million people signed up on the first week of launching.