Disney Plus accounts are already being hacked and sold online

(Image credit: Shutterstock)

Hijacked Disney+ accounts are being sold online just hours after Disney's new streaming service launched, reports have claimed.

Many of these stolen accounts are being offered for free on hacking forums or are available for sale with prices ranging from $3 to $11, despite the fact that a legitimate Disney+ subscription only costs $7.

In its first 24 hours, the Disney+ video streaming service already managed to gain 10m customers even though it is currently only available in the US, Canada and the Netherlands.

The service's launch was plagued with technical issues though a few customers reported losing access to their accounts entirely. These users had their accounts taken over by hackers who logged them out of all of their devices and then changed the account's email and password to lock the previous owner out.

Disney+ credentials

The hackers behind these account takeovers were able to mobilize quickly to steal Disney+ account credentials and make them available for sale online. This suggests that they either gained access to these accounts by either using leaked credentials from past data breaches or by using info-stealing malware.

Hacking forums now have thousands of Disney+ accounts available for sale but ZDNet also discovered that some forums were giving away these credentials for free so that the hacker community could use and share them with others.

Technical program manager at HackerOne, Niels Schweisshelm explained how Disney can combat these account takeovers by implementing two-factor authentication for its service, saying:

"It’s no surprise that cybercriminals jump on the same bandwagon as everyone else when there’s a big new consumer launch. The scale of fresh accounts means it’s very much worth their while to invest in attempting to compromise them – cybercriminals can rely on consumers’ security apathy to give them an easy win. 

"This research should act as a reminder to all consumers about the importance of securing online accounts with strong, complex passwords. The trouble is, Passwords are the worst option for secure authentication, but we don’t yet have anything better. For the foreseeable future, people will have to continue making passwords work for them, whether that is using personal algorithms to keep track of them or using password managers. Organizations can do their part by implementing and pushing or even mandating two-factor authentication so that even if passwords are breached, the damage is contained. However, I don’t think we’ll see easy, small-scale theft like that of streaming service accounts brought under control anytime soon.” 

Via ZDNet

Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

Latest in Security
Data Breach
Thousands of healthcare records exposed online, including private patient information
China
Juniper patches security flaws which could have let hackers take over your router
Representational image depecting cybersecurity protection
GitLab has patched a host of worrying security issues
Ai tech, businessman show virtual graphic Global Internet connect Chatgpt Chat with AI, Artificial Intelligence.
AI agents can be hijacked to write and send phishing attacks
China
Volt Typhoon threat group had access to American utility networks for the best part of a year
Abstract image of cyber security in action.
MassJacker malware targets those looking for pirated software
Latest in News
A super close up image of the Google Gemini app in the Play Store
It's official: Google Assistant will be retired for phones this year, with Gemini taking over
Quordle on a smartphone held in a hand
Quordle hints and answers for Sunday, March 16 (game #1147)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Sunday, March 16 (game #378)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Sunday, March 16 (game #644)
Three iPhone 16 handsets on show
Apple could launch an iPhone 17 Ultra this year – but we've heard these rumors before
Super Mario Odyssey
ChatGPT is the ultimate gaming tool - here's 4 ways you can use AI to help with your next playthrough