It has been less than a week since Disney's video-on-demand streaming service went live and user accounts have already started getting hacked.
The streaming service, which amassed more than 10 million subscribers within the first 24 hours of its launch, has fallen prey to hackers who didn't waste any time in hijacking existing accounts of users and selling them online. While some of these accounts are going for free on hacking forums, others are being offered for as low as $3.
Several Disney+ users took to Twitter and Reddit to report that their accounts had been hacked into. While some users complained that they found strange names and extra profiles added to the account when they logged into their accounts, others reported receiving notifications that their account information including contact email and password had been changed, locking them out of their accounts.
What makes the issue more complicated is that Disney+ has a specific limit on how many devices can be connected to an account. Each account can be connected to a maximum of 10 devices, with no way to extend the limit or remove old devices.
Hackers may have either gained access to accounts of users who reuse passwords from other accounts by using email and password combinations leaked from other sites, or they may retrieved the Disney+ credentials with the help of keylogging or information-stealing malware.
Accounts for sale
Within hours of the streaming service's launch, hackers started making money off the accounts by putting them up for sale on hacking websites, with ads offering access to thousands of account credentials. Prices vary from $3 per account for a monthly subscription and $5 for the entire year. The monthly subscription fee for an official Disney+ account is $7.
What Disney+ users are facing right now is what users of other streaming platforms have been fighting against for years. Hackers have been selling Amazon Prime, Hulu, and Netflix user credentials for years and where there's demand there's bound to be supply.
How to prevent your account from being hacked?
If you want to make sure you don't get hacked make sure you do not use the same password as you use on other sites. Although this won't prevent malware from stealing information, it will still protect you from hackers who try to infiltrate accounts by using leaked email and password combinations.