The launch of Disney+ was one of the most anticipated at this end of 2019. The moment was intense that Disney didn't anticipate the surge in traffic, resulting technical issues, causing people in having difficulties to sign in and watch.
The service, although initially available only in the U.S., Canada, and the Netherlands, has already amassed more than 10 million customers in its first 24 hours.
When the tide settled, many users however remained unfortunate. Many of them started losing access to their accounts and unable to sign in anymore. Complaints started to appear on social media networks like Twitter and Reddit.
This happened because hackers were on the move. They weren't wasting any time, as they started hijacking Disney+ users, and started selling the accounts for prices varying from $3 to $11.
There are also several lists of Disney+ account credentials being offered for free, to be shared and used by the hacker community. This is possible since Disney+ allows account sharing. The hackers/buyers of the hacked accounts revoked access to original users' authorized devices, and changed the passwords to prevent them from logging back in.
It was suggested that in some of the cases, the hackers managed to gain access to accounts using email and password combinations leaked at other sites, while in other cases, the Disney+ credentials might have been obtained from users infected with keylogging or data-stealing malware.
But what is astounding here is that, the speed at which the hackers have mobilized and monetized the Disney+ accounts.
Only within hours after Disney+ was launched, many of its users account were already hacked and placed on online hacking forums.
At least thousands of accounts were breached in the first day.
Many popular online services hash passwords in order for them to be unreadable and unusable in cases of hacks. Disney+ however, was found to store the passwords in clear text.
But still, there is little it can do really prevent hacks from happening.
When securing online accounts, weak passwords or reused passwords are two of the most common reasons for account breaches. When some of the hacked users were contacted, they admitted that they have reused old passwords.
What Disney+ is facing is what other streaming services have fought for years.
Online hacking forums, both in the surface web and the dark web, have been overflowing with hacked accounts from Google, Amazon Prime, Netflix, Facebook and many others. The reason hackers are still putting up new accounts for sale on a regular basis is because people are buying.
Many people are willing to pay to get their hands on hacked accounts.