Disney+ Hacks Lead to Accounts for Sale on Dark Web, Disney Denies Security Breach

Disney is going to need to gather its legions of heroes to defend it from a new enemy. After Disney+, the company’s streaming service, launched last week, thousands of customers have claimed their accounts have been hacked (per Deadline). An investigation by tech site Zdnet states that hackers have breached customer accounts and put access to them up for sale on the dark web. Customers have stated they’ve been waiting to have their accounts restored to no avail.

The breached accounts are reportedly selling on the dark web for $3-11, per Zdnet. A legitimate account starts at $6.99 a month, with a Hulu and ESPN bundle available for an additional $6, a hefty price to pay for a compromised account.

Online data analysis states that some accounts were stolen because people used the same passwords for different sites, an incautious blunder of which many of us are guilty. Additionally, Disney+ doesn’t have two-factor authentication, which could help guard against cyberattacks. Concerns for security go beyond the Internet: Since Disney+ users can utilize their Disney+ login to access the Disney store and Disney theme park accounts, the possibility of being charged extra through those channels is worrying customers, as well.

In response to the reported breaches, Disney told Deadline that they “take the privacy and security of our users’ data very seriously and there is no indication of a security breach on Disney+.” They also stated that personal accounts are meant to be locked if the studio detects suspicious activity. With a reported 10 million subscribers, there’s a lot of accounts—and money—at stake.

Between these reported account hacks and the widespread technical problems that tainted Disney+’s launch, the streamer has gotten off to a bumpy start.