Published 19:20 IST, November 20th 2019
Hackers used this tactic to break into Disney Plus accounts, Disney denies security breach
Disney has responded to incidents where thousands of Disney Plus users were recently locked out of their accounts for suspicious behaviour. Full details.
Disney has responded to incidents where thousands of Disney Plus users were recently locked out of their accounts. Disney says the Disney Plus service did not have a security breach, but some accounts were shut after hackers tried to break into them. Recently, there were reports that stolen Disney Plus account usernames and passwords were selling for $3 on underground hacking forums. Disney+ costs $7 a month or $70 a year. Disney denied a security breach compromising passwords. Disney said it takes the privacy and security of users’ data seriously.
However, we don't know the exact number of Disney Plus users who faced security problems. As we stated before, previously compromised or leaked credentials available on online hacking forums may have led to this problem. In most cases, hackers use existing leaked credentials that are readily available on the internet. Since most users fail to reset their passwords even after their account credentials have been compromised, hackers can simply try the same existing credentials to access other services.
“Many Disney+ users are reporting that they have been locked out of their accounts. Disney+ has responded by saying they have no evidence of a breach. Our experience suggests that this is likely the result of a credential stuffing attack, a phishing campaign against Disney+ users or the result of credential stealing malware on users' devices,” said John Shier, senior security advisor at cybersecurity firm Sophos.
It turns out that easy passwords, or similar passwords used for multiple accounts, are what hackers used to lock subscribers out of their own Disney Plus accounts. "Credential stuffing is when cybercriminals use leaked credentials from one website – which could already be for sale on the dark web – and try those same credentials on other online services. This breach is a prime example of the importance of having unique passwords across all of your online services," Shier added. "As we’ve seen time and time again, cybercriminals are just as lazy as the rest of us. If they can get away with using a person’s previously compromised passwords across different services, that will be their default."
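On the service side, the login pattern Shier describes can be spotted in authentication logs: one source tries many different accounts once or twice each and mostly fails. The sketch below is an added example, not code from Disney, Sophos or this article; the event layout, function names and thresholds are assumptions, and the sample events are constructed.

```python
from collections import defaultdict

def make_sample_events():
    """Constructed (source_ip, username, success) events; layout is assumed."""
    events = []
    # One source walking a leaked list: 30 accounts, one try each, two hits.
    for i in range(30):
        events.append(("203.0.113.7", f"user{i}@example.com", i in (4, 17)))
    # A user mistyping their own password, then getting in.
    events += [("198.51.100.20", "alice@example.com", False)] * 3
    events.append(("198.51.100.20", "alice@example.com", True))
    # Repeated guessing against a single account.
    events += [("192.0.2.55", "bob@example.com", False)] * 40
    return events

def classify_sources(events, min_accounts=20, max_tries_per_account=2.0,
                     min_failure_rate=0.8):
    """Label each source by login pattern; thresholds are assumptions."""
    # Stuffing: many distinct accounts, few tries each, high failure rate.
    stats = defaultdict(lambda: {"users": set(), "hits": set(),
                                 "total": 0, "fail": 0})
    for ip, user, ok in events:
        s = stats[ip]
        s["users"].add(user)
        s["total"] += 1
        if ok:
            s["hits"].add(user)
        else:
            s["fail"] += 1
    report = {}
    for ip, s in stats.items():
        tries = s["total"] / len(s["users"])
        fail_rate = s["fail"] / s["total"]
        if (len(s["users"]) >= min_accounts and tries <= max_tries_per_account
                and fail_rate >= min_failure_rate):
            label = "credential_stuffing"
        elif tries > 10 and fail_rate >= min_failure_rate:
            label = "single_account_guessing"
        else:
            label = "normal"
        # Successful logins from a stuffing source are likely takeovers:
        # lock those accounts and force a password reset.
        hits = sorted(s["hits"]) if label == "credential_stuffing" else []
        report[ip] = {"label": label, "accounts_to_reset": hits}
    return report

if __name__ == "__main__":
    for ip, info in classify_sources(make_sample_events()).items():
        print(ip, info)
```

Counting distinct usernames per source, rather than raw failures, is what separates this pattern from a user who simply forgot a password.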
Basic tips to safeguard Disney Plus account
-- Security researchers warn users against using old passwords or the same password for all services. Experts warn security breaches can be deadly when hackers use passwords from past breaches
-- Provide as little personally identifiable information online as possible
-- Always use two-factor authentication to ensure your passwords and login attempts are safeguarded.
18:39 IST, November 20th 2019