Disney says that despite Disney+ hacked accounts, there's no evidence of a security breach

[midian182]

A hot potato: The launch of a streaming service with over 10 million customers was always likely to have some problems, and Disney+ was no exception. In addition to the technical problems it experienced, there were also reports of thousands of accounts being hacked and stolen, but the company insists it never suffered a breach.

On launch day, Twitter and Reddit were swamped with users reporting that their passwords had been changed and they’d been logged out of all devices. Account credentials appeared on the dark web’s hacking forums, with prices ranging from $3 to $7, though some were offered for free, as Disney+ allows account sharing.

Disney, however, says it wasn’t hacked. “We have found no evidence of a security breach,” a rep said in a statement to Variety. “We continuously audit our security systems and when we find an attempted suspicious login we proactively lock the associated user account and direct the user to select a new password.”

Some affected users did admit to reusing credentials from other accounts, which could be how the hackers accessed them, but there were customers who insisted they used unique passwords.

Hackers could have gained access by trying credentials leaked from other sites, or they could have used keyloggers. As Disney noted: “Billions of usernames and passwords leaked from previous breaches at other companies, pre-dating the launch of Disney+, are being sold on the web.”

Disney said only a small percentage of Disney+ customers have reported their accounts being hacked, and it urges anyone who believes they’ve been compromised to contact its customer services.

Earlier this week, Disney exec Kevin Mayer said the Disney+ launch’s problems were to do with the way it architected the app, and nothing to do with Amazon or other third parties. It appears the company wasn’t expecting such a large demand.

Permalink to story.

https://www.techspot.com/news/82872-disney-despite-disney-hacked-accounts-there-no-evidence.html

 

[Uncle Al]

It's really got to make you wonder if there are ANY ethical companies left in the US ......

 

[gigantor21]

Really not keen on the lack of 2FA on the site/app.

 

[rrwards]

Really not keen on the lack of 2FA on the site/app.

Exactly. How can they come out and say "We take security seriously" and not have any form of 2FA.

 

[wiyosaya]

Typical Di$ney. We're perfect! We have the best employees in the world! You're using the website wrong! It's your problem! Deal with it!

I have an iTunes account, and it was hacked. I even changed my password to a 21-character string, and it was hacked again after that. The dollar amounts were relatively small both times and crApple refunded my money, however, WTF? For me, this is evidence that there are hacks and intrusions that circumvent normal login procedures.

If Di$ney is trying to say that their login mechanism is infallible, they really need to get their head out of their bank account and into the real world.

I was also told many times by crApazon that my info was secure, not that I believed that either. Then, last year they were hacked. Since I use https://sneakemail.com/ it was a unique e-mail address, just like it was for crApple above, and I got some e-mail on that address that was suspicious. I reported it to two different crApazon addresses, and one came back and said, report it elsewhere. Those kinds of responses are too. They should forward it on, but corporate arrogance wins out. Then, about a month or so later, I got an e-mail from crApazon stating that my account was likely hacked. I lost nothing, perhaps, because I keep no sensitive information in my account. No address, payment methods. Nothing!

IMO, it is about time companies get their heads out of the profit clouds and realize that their security is not infallible.