Disney responds to Disney+ hacked accounts: ‘No evidence of a security breach’


  • Disney+
  • Thursday, 21 Nov 2019

A big question is why hackers would purchase account info for Disney or any other service – given that they would likely be disabled in short order for suspicious activity. One possibility is that cybercriminals would intend to use the login details to try to attack other services, as users often reuse the same passwords for multiple sites. — AFP

LOS ANGELES: Thousands of Disney+ accounts have reportedly been hacked and stolen – and offered for sale on underground cybercrime forums. Disney has now responded, saying only a "small percentage" of the service's 10 million-plus users have seen their usernames and passwords compromised and that Disney+ systems were not breached by hackers.

"We have found no evidence of a security breach," a Disney rep said in a statement to Variety. "We continuously audit our security systems and when we find an attempted suspicious login we proactively lock the associated user account and direct the user to select a new password."

The response comes after a report by tech-news site ZDNet that several thousand Disney+ accounts were being offered for free on hacking forums or available for US$3-US$11 (RM12-RM46) per account. It's not clear how the credentials were poached, but the speculation is hackers "gained access to accounts by using email and password combos leaked at other sites" or by using keylogging malware, per the ZDNet report.

Disney pointed out that that the problem of cybercriminals stealing usernames and passwords isn't unique to Disney+: "Billions of usernames and passwords leaked from previous breaches at other companies, pre-dating the launch of Disney+, are being sold on the Web."

Indeed, currently, there are nearly 80,000 compromised Netflix accounts for sale from one single market, on offer for an average one-time payment of US$6 (RM25) per account, according to KELA, an Israeli threat-intelligence provider. Also, to put the Disney+ hacks into context, they appear vastly smaller in scope than security breaches that have afflicted the likes of Yahoo (which said upwards of 3 billion accounts were stolen several years ago) or Facebook (which last year said hackers had accessed info on 29 million users).

In the case of Disney+, according to Disney, "We have seen a very small percentage of users in this situation and encourage any users who are having these kind of issues to reach out to our customer support so we can help them."

A big question is why hackers would purchase account info for Disney+ or any other service – given that they would likely be disabled in short order for suspicious activity. One possibility is that cybercriminals would intend to use the login details to try to attack other services, as users often reuse the same passwords for multiple sites. According to a Google study earlier this year, 52% of consumers said they use the same password across multiple accounts – and 13% use the same password for all accounts.

Meanwhile, even though Disney is telling users to contact Disney+ customer service if they believe their accounts have been hacked, numerous users have complained that wait times remain very long for Disney+ support. The company said Nov 19 that there's still a "high volume" of incoming help calls.

The customer-service backlog appears to be holdover from the Disney+'s widespread technical problems on launch day, including users being unable to log in to the service at all. On Nov 19, Kevin Mayer, Disney's direct-to-consumer chairman, said the glitches were related to "the way we architected the app", and not because of any third-party provider.

Disney+ launched Nov 12 in the US, Canada and the Netherlands, followed by Australia and New Zealand on Nov 19. At launch, Disney+ includes nearly 500 movies and 7,500 TV episodes from Disney, Pixar, Marvel, Star Wars, National Geographic, and other brands, including originals like The Mandalorian, which data shows has piqued interest among viewers.

Disney+, after a free seven-day trial, costs US$6.99 (RM29) per month (or US$69.99/RM291 per year). Disney also is selling a discounted bundle including Disney+, Hulu, and ESPN Plus for US$12.99 (RM54) monthly. In addition, Disney has a deal with Verizon to give Verizon Wireless unlimited-plan customers one year of Disney+ for free, with the same offer for new Fios broadband and 5G home broadband subscribers. – Variety/Reuters

Article type: metered
User Type: anonymous web
User Status:
Campaign ID: 1
Cxense type: free
User access status: 3
   

Did you find this article insightful?

Yes
No

Next In Tech News

Facebook signs letter of intent with three Australian media firms
Twitter wants you to think twice before posting that reply
Oxford University says research not affected after media reports of COVID lab hack
Robinhood added 6 million crypto users in last two months
Microsoft failed to shore up defenses that could have limited SolarWinds hack - U.S. senator
Dell beats revenue estimates on buoyant demand for desktops, notebooks
ByteDance agrees to $92 million privacy settlement with U.S. TikTok users
Blue Origin delays New Glenn rocket launch to 2022
Wix.com hits 200 million users, says will continue to invest
Pandemic, EU billions drive Greece's digital revolution

Stories You'll Enjoy


Vouchers