Disney says there's 'no indication of a security breach on Disney+,' as it appears that some accounts have been compromised when consumers use the same credentials and passwords across multiple online accounts.

Jeff Baumgartner, Senior Editor

November 19, 2019

4 Min Read
Disney+ Targeted by Hackers

After overcoming a temporary buckling of its sign-up system on launch day, Disney+ is dealing with another issue in the early going -- complaints from some customers that their accounts have been hacked alongside evidence that Disney+ credentials are being sold on the dark web for cents on the dollar.

According to a ZDNet investigation, "thousands" of Disney+ accounts have been hacked recently, alongside evidence that service credentials are being offered for free or as low as $3 via the dark web.

Per the report, those users claim that hackers accessed their accounts, logged them out of all their authorized streaming devices and then changed the email and password of those subscriptions -- essentially locking them out of the Disney+ service -- before putting those credentials up for sale. Meanwhile, some Disney+ customers who fell prey to this hacking complained that they've had trouble getting a rapid response or remedy from Disney's customer service unit.

"Disney takes the privacy and security of our users' data very seriously and there is no indication of a security breach on Disney+," a Disney spokesperson said in an emailed statement.

Disney's systems are designed to notice suspicious login activity on a customer's account. When that happens, the company, as a precaution, will lock the account and request a password reset.

Figure 1: Hackers appear to be targeting Disney+ by seizing upon consumers who use the same passwords and credentials for multiple online services and accounts. Hackers appear to be targeting Disney+ by seizing upon consumers who use the same passwords and credentials for multiple online services and accounts.

While it's not entirely clear what's occurring in every hacking instance, Disney, which launched Disney+ on November 12, said a security breach of the service itself or any of Disney's platforms is not to blame. It's most likely that the issue stems from unauthorized people re-using a customer's email and password combinations gathered during previous security incidents impacting other companies.

Jason Hill, a researcher at CyberInt, told the BBC that it appears many of the Disney+ accounts were compromised because some customers use the same passwords for different online accounts. If a hacker has access to an email and password that is used across multiple accounts, the same credentials could be used to gain access to Disney+ and other streaming service accounts and wreak havoc. Hill suggested that consumers use password managers that provide unique sign-ons without making the process overly complicated or cumbersome.

Although ZDNet claims that hackers have compromised thousands of Disney+ accounts, it's affecting a small number of the entire user base. On Wednesday, the day after Disney+ debuted in the US, Canada and the Netherlands, the company said the service had already eclipsed 10 million subscribers.

Crackdown on digital piracy and password-sharing
But a focus by hackers on Disney+ shines some additional light on a piracy issue that will only grow in importance as Disney and other programmers and media giants develop and launch direct-to-consumer streaming services. While video security used to be the primary domain of cable operators and other pay-TV providers, the burden will increasingly fall upon companies like Disney as well.

Disney is among those already taking some steps in this direction. As part of its new distribution deal with Charter Communications, Disney agreed to collaborate with Charter on "piracy mitigation" that will include clamping down on password-sharing and other issues involving unauthorized access to streaming services.

Meanwhile, The Alliance for Creativity and Entertainment (ACE), a legal consortium that counts Disney and other major studios and distributors among its members, recently launched an effort that takes aim at password-sharing and unauthorized access by sharing information and the use of best practices.

Related posts:

— Jeff Baumgartner, Senior Editor, Light Reading

About the Author(s)

Jeff Baumgartner

Senior Editor, Light Reading

Jeff Baumgartner is a Senior Editor for Light Reading and is responsible for the day-to-day news coverage and analysis of the cable and video sectors. Follow him on X and LinkedIn.

Baumgartner also served as Site Editor for Light Reading Cable from 2007-2013. In between his two stints at Light Reading, he led tech coverage for Multichannel News and was a regular contributor to Broadcasting + Cable. Baumgartner was named to the 2018 class of the Cable TV Pioneers.

Subscribe and receive the latest news from the industry.
Join 62,000+ members. Yes it's completely free.

You May Also Like