How to Stop Your Disney+ Account From Getting Hacked
Thousands of Disney+ accounts have been “hacked” and are for sale online. Criminals are selling login details for compromised accounts from between $3 and $11. Here’s how it likely happened—and how you can protect your Disney+ account.
How Are Disney+ Accounts Being Hacked?
Disney told Variety it’s seen “no evidence of a security breach” on its servers and that only a “small percentage” of its over 10 million users have had their login details compromised and leaked.
But, if Disney’s servers haven’t been compromised, how are there thousands of hacked accounts?
Once again, the culprit appears to be password reuse. If you reuse the same password on multiple websites, your login details have probably already leaked from another site. Now, all a “hacker” has to do is take those already compromised login details and try them on other websites.
For example, let’s say you log in with “email@example.com” and the password “SuperSecurePassword” everywhere. Many websites have been breached in the past few years, so “firstname.lastname@example.org / SuperSecurePassword” is probably in one or more databases of leaked credentials. When Disney+ launches, you sign up with your usual email address and password. Hackers try leaked usernames and passwords on Disney+ and other services and gain entry.
We don’t know for sure that this is how those accounts were compromised, but that’s how accounts are generally compromised. Another possible culprit could be key-logging malware that runs in the background on people’s computers and captures their credentials. At any rate, those end-user security problems are the most likely cause—not a breach of Disney’s servers.
Password reuse is a serious problem online. A Google / Harris Poll survey from earlier in 2019 found that 52% of people use the same password for multiple accounts, and 13% reuse the same password everywhere. Only 35% of people polled say they use unique passwords everywhere.
How to Protect Your Disney+ Account