Published 12:42 IST, November 19th 2019
Thousands of Disney Plus accounts compromised, selling on dark web: Report
Shortly after launch, thousands of Disney Plus users were locked out of accounts for suspicious behaviour. This could be a massive data breach for Disney+.
Advertisement
In what appears to be a massive data breach, thousands of Disney+ accounts were found listed for sale on dark web. Shortly after launch, thousands of Disney+ users were locked out of ir accounts for suspicious behaviour.
Disney+ accounts compromised
Although it is unclear at moment if this was a coordinated attack on existing Disney+ accounts, chances are previously compromised, leaked credentials available on online hacking forums may have led to this problem. Disney+ itself was t compromised, but people who chose a weak password were weak link, cybersecurity firm Bitdefender explains.
Advertisement
In most cases, hackers use existing leaked credentials that are reily available on internet. Since most users fail to reset ir passwords even after ir account credentials were compromised, hackers can simply try same, existing credentials to access or services.
Advertisement
Disney+ went live last week across US and Cana, featuring thousands of movies and TV episodes from Disney, Pixar, Marvel, Lucasfilm and National Geographic. Disney said 10 million subscribers signed up for Disney+ within a day of launching its new video streaming service.
In an email statement to Republic World, Monique Becenti, channel and product specialist at a cybersecurity firm SiteLock, h this to say:
Advertisement
"User accounts and login information is appealing to hackers because it is a gateway to valuable customer data that could provide access to a wide range of or user accounts associated with your login details, such as banking information or credit card data. In case of Disney+, some users’ credentials were changed, which resulted in users being locked out of ir accounts."
Advertisement
"In this case, some hacked accounts are listed for more than cost of a legitimate account. For b actors, a hacked account is valuable as more than a way to access streaming content for cheaper than market price. It opens door to or valuable information, like passwords, that can be used in things like credential stuffing attacks," Becenti ded.
How to prevent this
Security researchers recommend two-factor auntication to safeguard ir online accounts.
Advertisement
"People who are interested in signing up for streaming services such as Disney+ should ensure that two-factor auntication is offered to better protect ir login credentials and personal data," Becenti said.
price tag associated with accounts being sold on dark web can vary due to a variety of factors, such as of personal data cybercriminals can access, but generally, y can be sold for urds of hundreds of dollars," she ded.
12:23 IST, November 19th 2019