Disney's long awaited streaming service launched last week to much fanfare, notching an impressive 10 million subscribers on its first day. However, of those 10 million new customers, not everyone was happy; Disney+ launched with a slew of technical difficulties, and even the Disney+ website was knocked offline at one point.
Technical woes tend to be expected when a new service arrives, but what wasn't expected was hundreds (thousands?) of accounts being hijacked and thrust onto the dark web for sale mere hours after the Disney+ launch.
DISNEY+ HAS BEEN OPEN FOR LIKE 10 HOURS AND MY ACCOUNT HAS ALREADY BEEN HACKED pic.twitter.com/YBv6CfwTlh— brandon ʕ·ᴥ·ʔ (@brandoncult) November 12, 2019
#distwitter has anyone’s @disneyplus account been hacked? My friend’s was; hackers changed email and password. Now she’s completely blocked from her 3-year prepaid Disney+ account. She’s been on hold for >2 hours— cat+dog=happyhome (@Travel4vr) November 12, 2019
Twitter was bombarded with many tweets similar to the above, and there's more than a few threads about it over at r/DisneyPlus. Users reported that their passwords were changed and they were logged out of all devices. In a report by ZDNet, at least two users confessed to recycling passwords from other accounts. Still, other users online have insisted they used unique passwords for their Disney+ account. So, it isn't presently clear how hackers came into possession of the accounts.
Now, hacking forums on the dark web have been inundated with the hijacked accounts, with prices for the account credentials ranging between $3 and $7, per ZDNet's reporting. In some cases, the hackers were offering access to the accounts for free, as Disney+ currently permits account sharing.
As of writing, Disney hasn't addressed the issue publicly, but the most advisable suggestion is to create unique, strong passwords -- something millions of people apparently still struggle with. Disney would also be wise to implement 2FA, which would fortify accounts against lazy hacking attempts.