& cplSiteName &

Disney+ Targeted by Hackers

Jeff Baumgartner
11/19/2019

After overcoming a temporary buckling of its sign-up system on launch day, Disney+ is dealing with another issue in the early going -- complaints from some customers that their accounts have been hacked alongside evidence that Disney+ credentials are being sold on the dark web for cents on the dollar.

According to a ZDNet investigation, "thousands" of Disney+ accounts have been hacked recently, alongside evidence that service credentials are being offered for free or as low as $3 via the dark web.

Per the report, those users claim that hackers accessed their accounts, logged them out of all their authorized streaming devices and then changed the email and password of those subscriptions -- essentially locking them out of the Disney+ service -- before putting those credentials up for sale. Meanwhile, some Disney+ customers who fell prey to this hacking complained that they've had trouble getting a rapid response or remedy from Disney's customer service unit.

"Disney takes the privacy and security of our users' data very seriously and there is no indication of a security breach on Disney+," a Disney spokesperson said in an emailed statement.

Disney's systems are designed to notice suspicious login activity on a customer's account. When that happens, the company, as a precaution, will lock the account and request a password reset.

Hackers appear to be targeting Disney+ by seizing upon consumers who use the same passwords and credentials for multiple online services and accounts.
Hackers appear to be targeting Disney+ by seizing upon consumers who use the same passwords and credentials for multiple online services and accounts.

While it's not entirely clear what's occurring in every hacking instance, Disney, which launched Disney+ on November 12, said a security breach of the service itself or any of Disney's platforms is not to blame. It's most likely that the issue stems from unauthorized people re-using a customer's email and password combinations gathered during previous security incidents impacting other companies.

Jason Hill, a researcher at CyberInt, told the BBC that it appears many of the Disney+ accounts were compromised because some customers use the same passwords for different online accounts. If a hacker has access to an email and password that is used across multiple accounts, the same credentials could be used to gain access to Disney+ and other streaming service accounts and wreak havoc. Hill suggested that consumers use password managers that provide unique sign-ons without making the process overly complicated or cumbersome.

Although ZDNet claims that hackers have compromised thousands of Disney+ accounts, it's affecting a small number of the entire user base. On Wednesday, the day after Disney+ debuted in the US, Canada and the Netherlands, the company said the service had already eclipsed 10 million subscribers.

Crackdown on digital piracy and password-sharing
But a focus by hackers on Disney+ shines some additional light on a piracy issue that will only grow in importance as Disney and other programmers and media giants develop and launch direct-to-consumer streaming services. While video security used to be the primary domain of cable operators and other pay-TV providers, the burden will increasingly fall upon companies like Disney as well.

Disney is among those already taking some steps in this direction. As part of its new distribution deal with Charter Communications, Disney agreed to collaborate with Charter on "piracy mitigation" that will include clamping down on password-sharing and other issues involving unauthorized access to streaming services.

Meanwhile, The Alliance for Creativity and Entertainment (ACE), a legal consortium that counts Disney and other major studios and distributors among its members, recently launched an effort that takes aim at password-sharing and unauthorized access by sharing information and the use of best practices.

Related posts:

— Jeff Baumgartner, Senior Editor, Light Reading

(0)  | 
Comment  | 
Print  | 
Related Stories
Newest First  |  Oldest First  |  Threaded View        ADD A COMMENT
More Blogs from The Bauminator
Light Reading's Jeff Baumgartner and Alan Breznick discuss the key themes from Cable Congress and Cable Next-Gen Europe in Berlin, finding there's a renewed focus on 1-Gig speeds and the fixed mobile network.
Programmer looking at direct-to-consumer streaming service that would aggregate Discovery's programming and target US consumers who don't subscribe to pay-TV.
The hemorrhaging of the US pay-TV industry isn't just bad. It's scary bad. Happy Halloween, everyone!
Telco is the first non-owner, non-cable operator to tap into Canoe's dynamic ad insertion platform for VoD.
Featured Video
Upcoming Live Events
March 16-18, 2020, Embassy Suites, Denver, Colorado
May 18-20, 2020, Irving Convention Center, Dallas, TX
All Upcoming Live Events
Upcoming Webinars
Webinar Archive