Not even a month has passed since Disney’s streaming platform made its first steps, and hackers are already peddling stolen accounts.
Where there’s login information to be used, there’s login information to be stolen and sold. This has held true for the more seasoned OTT platforms like Netflix and Hulu, and it looks like newcomer Disney+ is no exception.
Multiple reports from around the internet state that just hours after the platform’s release, the hackers were selling logins for Disney+ as low as $3, in some cases even giving them away.
Etay Maor, CSO at the cyberintelligence company IntSights, told CNBC that such swift attacks are possible because many people use the same account and password for multiple accounts. The attackers quickly ‘try out’ login information that has already been leaked from other sources and collect the ones that work on Disney+.
However, unique account and password combinations were also reported to be leaked.
“Disney takes privacy and security of our users’ data very seriously and there is no indication of a security breach on Disney+.”, a Disney spokesperson told the BBC. The spokesperson blamed the individual users’ bad security habits for the breaches.
The company, however, didn’t do much to help the situation. For example, there are no two-factor authentication options. Also, the user cannot remove a device from the account once it has been registered – if the invader maxes the amount of devices out on an account, there’s not much the user can do.
The Disney+ streaming app has plagued with technical difficulties since its launch on November 12th. The provider cites overwhelming interest in the platform as the reason – more than 10 million subscribers in the first week.