Disney+ finally launched last week and it was certainly not without its issues. Moreover, according to BBC, thousands of users are claiming their accounts have been hacked after they signed up for the streaming service — although that issue is seemingly not on Disney’s end.

  • According to the report, hackers have stolen thousands of accounts and put them up for sale on the dark web.
  • Users have reportedly waited on the phone and in online chats for hours without ever having their issues resolved.
  • Disney released a statement, claiming that Disney+ has not, in fact, been hacked:
    • “Disney takes the privacy and security of our users' data very seriously and there is no indication of a security breach on Disney+.”
  • BBC infers that the users’ credentials could have been stolen by other means. For example, the users could be reusing login details that have already been stolen from somewhere else.
  • That example appears to be likely to Jason Hill, lead researcher with CyberInt.
  • According to Hill, hackers will get someone’s password from a different site which had previously been hacked and attempt to use it on a new site, like Disney+, and if it works, they will steal the account.
  • This would mean that, while these users are victims of a security breach, the breach is not on Disney’s end.
  • Some are calling for two-factor authentication on Disney+, which would require users to essentially input a second password when logging in to verify authenticity.
  • While this would, in theory, fix the problem, it would also more or less eliminate account sharing between families and friends.


Send this to a friend