Disney's new video-on-demand streaming service has been compromised within a week of its being launched, with hacked Disney+ accounts offered for sale online for just $1.
According to The Daily Dot, the hugely popular Disney+ service, which amassed over 10 million subscribers on its first day alone, was targeted by threat actors from the get-go.
Within hours of the service going live on November 12, Disney+ users began posting messages on Twitter and Reddit stating that their accounts had been compromised. Some users complained of being locked out of pre-paid accounts after receiving alerts that account information, including their password and contact details, had been changed.
Other service users reported finding strange names and profiles linked to their account after logging in. The mystery account users appeared next to avatars of users' family members.
Exacerbating the problem is the fact that the Disney+ service has been set up in just the manner you'd expect from a company that pedals the idea of "happily ever after." For each account, connection to a maximum of ten devices is permitted, and there is currently no way to remove any devices that have been connected.
Disney+ accounts were on sale for as little as $1 a month on hacking websites, including cracked.to, within a few hours of the streaming service going live. Annual subscriptions were being touted for just $3.
The new video-on-demand streaming service is not alone in this whole new world of hackers and thieves. Other services, including Netflix, Hulu, HBO Now, and CBS All Access, have been targeted by hackers.
A common ruse used by threat actors is to send a fake email to a streaming service subscriber warning them that their account has been locked. The subscriber is then asked to supply their account information and credit card details.
After successfully phishing this information from the subscriber, the threat actor can then log in to the account and change the password, blocking the legitimate user from accessing the hacked account.
To prevent their account from being hacked, subscribers to any video streaming service are advised never to answer suspicious emails relating to their account and never to share their login information over email.