Disney Plus accounts are already being hacked and sold online

(Image credit: Shutterstock)

Hijacked Disney+ accounts are being sold online just hours after Disney's new streaming service launched, reports have claimed.

Many of these stolen accounts are being offered for free on hacking forums or are available for sale with prices ranging from $3 to $11, despite the fact that a legitimate Disney+ subscription only costs $7.

In its first 24 hours, the Disney+ video streaming service already managed to gain 10m customers even though it is currently only available in the US, Canada and the Netherlands.

The service's launch was plagued with technical issues though a few customers reported losing access to their accounts entirely. These users had their accounts taken over by hackers who logged them out of all of their devices and then changed the account's email and password to lock the previous owner out.

Disney+ credentials

The hackers behind these account takeovers were able to mobilize quickly to steal Disney+ account credentials and make them available for sale online. This suggests that they either gained access to these accounts by either using leaked credentials from past data breaches or by using info-stealing malware.

Hacking forums now have thousands of Disney+ accounts available for sale but ZDNet also discovered that some forums were giving away these credentials for free so that the hacker community could use and share them with others.

Technical program manager at HackerOne, Niels Schweisshelm explained how Disney can combat these account takeovers by implementing two-factor authentication for its service, saying:

"It’s no surprise that cybercriminals jump on the same bandwagon as everyone else when there’s a big new consumer launch. The scale of fresh accounts means it’s very much worth their while to invest in attempting to compromise them – cybercriminals can rely on consumers’ security apathy to give them an easy win. 

"This research should act as a reminder to all consumers about the importance of securing online accounts with strong, complex passwords. The trouble is, Passwords are the worst option for secure authentication, but we don’t yet have anything better. For the foreseeable future, people will have to continue making passwords work for them, whether that is using personal algorithms to keep track of them or using password managers. Organizations can do their part by implementing and pushing or even mandating two-factor authentication so that even if passwords are breached, the damage is contained. However, I don’t think we’ll see easy, small-scale theft like that of streaming service accounts brought under control anytime soon.” 

Via ZDNet

Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

Latest in Security
Google Chrome dark mode
Google updates Chrome extension rules to ban affiliate link injection without user action or benefit
Abstract image of robots working in an office environment including creating blueprint of robot arm, making a phone call, and typing on a keyboard
This worrying botnet targets unsecure TP-Link routers - thousands of devices already hacked
Avast cybersecurity
UK cybersecurity sector could be worth £13bn, research shows
An option to add Ambient Music buttons to the iOS 18.4 Control Center.
Apple fixes dangerous zero-day used in attacks against iPhones and iPads
Trump
Hackers are abusing $TRUMP tokens to lure victims in to new phishing scam
An American flag flying outside the US Capitol building against a blue sky
Sean Plankey selected as CISA director by President Trump
Latest in News
Two Android phones on a green and blue background showing Google Messages
Struggling with slow Google Messages photo transfers? Google says new update will make 'noticeable difference'
Elayne, Egwene, and Nynaeve dressed regally and on horseback in The Wheel of Time season 3
'There's a reason why we do it': The Wheel of Time showrunner responds to fans who are still upset over the Prime Video show's plot alterations
Google Pixel 9
Android 16 could bring an improved Samsung DeX-style desktop mode to more phones
An Nvidia GeForce RTX 4060 Ti
Nvidia could unleash RTX 5060 and 5060 Ti GPUs on PC gamers tomorrow, but there’s no sign of rumored RTX 5050 yet
AI writing
ChatGPT just wrote the most beautiful short story, and I wonder what I'm even doing here
Google Chrome dark mode
Google updates Chrome extension rules to ban affiliate link injection without user action or benefit