Disney+ launched on Nov. 12 and quickly amassed 10 million customers within 24 hours. Now, about a week later, hackers have already hijacked “thousands” of user accounts.
The Disney premium streaming service has been wildly popular, but its launch was bogged down with technical issues. Many early adopters reported that they were unable to stream content or were running into other bugs.
But buried in the deluge of user complaints were sporadic reports of Disney+ customers being locked out of their own accounts.
Disney+ Account Hacking
Apparently, according to ZDNet, hackers are breaking into Disney+ user accounts, logging them out of all devices, and then changing their username and password. That effectively allows an attacker to take full control of an account and lock out the actual owner — a situation that’s especially bad for prepaid users.
It isn’t clear how the hackers accessed the Disney+ account. At least some users admitted to reusing duplicate credentials, but others claimed that they had used unique passwords for Disney+.
That suggests that some hacked users may have fallen victim to malware or phishing attempts. Attackers may have also used email and password combinations leaked by other platforms or websites.
Those hijacked accounts are already starting to show up on hacking forums and dark web marketplaces. Some of them are being put up for free, while others are being sold for prices ranging from $3 to $11.
How to Protect Yourself
Disney+, unfortunately, does not currently support a basic-but-important security feature: two-factor authentication. If and when it does, we strongly recommend enabling it.
In any case, because it’s unclear how hackers got access to user accounts, we also encourage both caution and being proactive to protect yourself.
For one, you’ll probably want to go ahead and change the password on your Disney+ account to something strong and unique.
If you used a duplicate password for Disney+ that you’ve already used for other websites and services, it’s worth going through and changing those, too. (We recommend using a password manager.)
At this point, there doesn’t appear to be an easy way to recover a hijacked account. You’ll probably want to contact Disney+ support and let them know about the situation.