Disney’s New Streaming Site Hacked With Customer Data Sold On Dark Web – Experts Reactions

Disney’s long-awaited streaming service, Disney+, launched last week to much fanfare, notching an impressive 10 million subscribers on its first day. However, within 24 hours of going live, it was reported that thousands of accounts have been hacked, with critical data stolen and sold onto the dark web.

Disney+ users began posting messages on Twitter and Reddit stating that their accounts had been compromised. Some users complained of being locked out of pre-paid accounts after receiving alerts that account information, including their password and contact details, had been changed.

Commenting on the news are the following cybersecurity experts:

Niels Schweisshelm, Technical Program Manager,  HackerOne
November 19, 2019
The trouble is, Passwords are the worst option for secure authentication, but we don’t yet have anything better.
It’s no surprise that cybercriminals jump on the same bandwagon as everyone else when there’s a big new consumer launch. The scale of fresh accounts means it’s very much worth their while to invest in attempting to compromise them – cybercriminals can rely on consumers’ security apathy to give them an easy win. This research should act as a reminder to all consumers about the importance ....
[Read More >>]
Jonathan Knudsen, Senior Security Strategist ,  Synopsys
November 19, 2019
An online streaming service is a whole new world for Disney.
An online streaming service is a whole new world for Disney, and as they ask customers to "be our guest" and "put our service to the test," two-factor authentication would be a welcome addition. Any customer who wishes to guard against account takeovers can adopt the worry-free philosophy of not reusing passwords from other accounts. A spoonful of cybersecurity, in the form of a password manager, ....
[Read More >>]
Jonathan Deveaux, Head of Enterprise Data Protection,  comforte AG
November 19, 2019
Of course, there’s still the situation of user IDs – in use with other websites – which are the same user IDs at Disney+.
The details are unclear regarding the reports of hacked Disney+ accounts. At this time, there are no indications that point to a hack or data breach within the Disney cybersecurity program. What could be happening is a mass effort by bad-actors to use previously stolen user IDs and passwords. A quick search on https://haveibeenpwned.com/ reveals websites previously subjected to security events o ....
[Read More >>]

If you are an expert on this topic:

Submit Your Expert Comments

In this article