Published 19:20 IST, November 20th 2019

Hackers used this tactic to break into Disney Plus accounts, Disney denies security breach

Disney has responded to incidents where thousands of Disney Plus users were recently locked out of their accounts for suspicious behaviour. Full details.

Reported by: Tech Desk
Follow: Google News Icon
  • share
null | Image: self
Advertisement

Disney has responded to incidents where thousands of Disney Plus users were recently locked out of ir accounts. Disney says Disney Plus service did t have a security breach but some accounts were shut after hackers tried to break into m. Recently, re were reports that stolen Disney Plus account usernames and passwords were selling for $3 on underground hacking forums. Disney+ costs $7 a month or $70 a year. Disney denied a security breach compromising passwords. Disney said it takes privacy and security of users’ data seriously.

However, we don't kw exact number of Disney Plus users who faced security problems. As we stated before, previously compromised or leaked credentials available on online hacking forums may have led to this problem. In most cases, hackers use existing leaked credentials that are reily available on internet. Since most users fail to reset ir passwords even after ir account credentials were compromised, hackers can simply try same, existing credentials to access or services.

Advertisement

RE | Thousands of Disney Plus accounts compromised, selling on dark web: Report

“Many Disney+ users are reporting that y have been locked out of ir accounts. Disney+ has responded by saying y have evidence of a breach. Our experience suggests that this is likely result of a credential stuffing attack, a phishing campaign against Disney+ users or result of credential stealing malware on users' devices," said John Shier, senior security visor at cybersecurity firm Sophos.

Turns out easy password or similar password for multiple accounts is what hackers used to lock subscribers out of ir own Disney Plus account. "Credential stuffing is when cybercriminals use leaked credentials from one website – which could alrey be for sale on dark web – and try those same credentials on or online services. This breach is a prime example of importance of having unique passwords across all of your online services," Shier ded. "As we’ve seen time and time again, cybercriminals are just as lazy as rest of us. If y can get away with using a person’s previously compromised passwords across different services, that will be ir default."

Advertisement

Basic tips to safeguard Disney Plus account

-- Security researchers warn users against using old or same passwords for all services. Experts warn security breaches can be dely when hackers use passwords from past breaches ·

-- Provide as little personally identifiable information online as possible ·

Advertisement

-- Always use two-factor auntication to ensure your passwords and login attempts are safeguarded.

18:39 IST, November 20th 2019