Just hours after Disney+ went live, a friend of mine couldn’t log in and received a notice from the new streaming service that her account had been compromised. It turns out she wasn’t the only one. In fact, the BBC reported that thousands of accounts for the brand new service were immediately hacked.
Since Disney+ went live, attackers have stolen thousands of customers’ accounts and put them up for sale on the dark web, according to a report.
People waited on telephone and online chat lines for hours, and many still say that Disney has yet to sort their problems.
That’s not great. But the soon-to-be owners of all of entertainment are not about to take the blame on this one. No, they’re saying it’s your fault, and that it’s just a coincidence that has nothing to do with them.
But the firm says it does not believe its systems have been compromised.
“Disney takes the privacy and security of our users’ data very seriously and there is no indication of a security breach on Disney+,” a spokesman said.
The statement indicates that members’ details have been stolen by other means.
That could involve spyware on users’ devices or the re-use of login details stolen from elsewhere.
Seems likely.
The BBC’s cyber security expert did say it seemed likely that the immediately hacked users had been hacked on a different service and were reusing details, which people just plugged into Disney+, but they also said Disney wasn’t exactly going all-out in protecting customers, either.
So not only does this suck, but it also goes towards something I was noticing with Disney+: the security seems from the same era as the first Lion King film. That is to say, lacking. If your account was hacked, there is next to no way to log everyone out. https://t.co/I4YqpgMZXL
— KurtzOperations (@KurtzOperations) November 17, 2019
Two-factor authentication is pretty standard nowadays, and it’s not like Disney can’t afford it; they own everything. If 2FA were a movie franchise they’d already be swallowing the studio that makes it.