Disney Plus Hacked Within Hours of Launch

By:  |  Category: Blog, Security Tuesday, November 19th, 2019  |  No Comments
Starwars

Excited about Disney Plus? You might want to hold your horses a bit–that is until they get the hackers out of the system.

It only took a few hours after Disney launched their new streaming service for hackers to infiltrate user’s accounts. The con’s changed log-in credentials, locked out owners and then sold the info for $3 bucks on the Dark Web.

The roll out has been tumultuous, at best, due to a record high demand. Disney Plus servers crashed early on the Nov. 12 launch day. The new service signed up more than 10 million customers in the first 24 hours.

Unfortunately many of these same users are now complaining online that they’ve lost access to their accounts. Users have been tweeting they spent hours on the phone and in chat queues trying to get help from customer support from Disney.

Disney hasn’t been quick to respond to the challenges on the roll-out .

According to ZDNet, hacked accounts are popping up on forums all over the Internet, selling for $3 to $11.

A Disney Plus subscription costs $7 a month. ZDNet discovered some Disney Plus credentials are even being offered for free. The BBC also uncovered several hacked accounts for sale online.

“It’s no surprise that cybercriminals jump on the same bandwagon as everyone else when there’s a big new consumer launch,” Niels Schweisshelm, technical program manager at HackerOne, wrote Tuesday morning.” It’s a good reminder why strong password management is so essential for online security.

If a password is reused it makes the user even more vulnerable to other compromises. Bit even if it’s a new password–those can obviously get hacked too.

Disney Plus does not have multi-factor authentication, which would require someone to confirm their identity beyond the standard log-in and password before successfully signing into an account. Multi-factor authentication requires an additional security question or a code sent to the user’s email or phone.

“MFA does not guarantee that only the authorized user is indeed accessing the service, but it does help slow down or reduce the likelihood of bad-actors gaining access with only user ID and password credential,” Jonathan Deveaux, head of enterprise protection for Comforte AG, wrote Tuesday morning. “If this is the case with the reports of hacked Disney+ accounts, then Disney did not do anything wrong per se, but they could elect to look at increasing their security posture by upgrading their authentication program.

Source: https://globalnews.ca/news/6185648/disney-plus-accounts-hack-dark-web/?fbclid=IwAR1gGM6XWVzMOk2FQDf3kDP3S-cYvQ6JyoPk5H8J3sudrWZmF8nfvc–trY

https://www.washingtonpost.com/business/2019/11/19/thousands-disney-accounts-were-hacked-sold-online-little/

ZDNet

Image Source: https://www.pexels.com/photo/photo-of-room-full-of-toys-920860/

Samantha Keller
Leave a Comment
Read previous post:
Gogle Cache
Google cashing in on “Cache”-a New Checking Account

Google, in an effort to follow the money is hot on the heels of Apple and Facebook in developing their...

Close