INSUBCONTINENT EXCLUSIVE:
Hijacked Disney+ accounts are being sold online just hours after Disney's new streaming service launched, reports have claimed.Many of these
stolen accounts are being offered for free on hacking forums or are available for sale with prices ranging from $3 to $11, despite the fact
that a legitimate Disney+ subscription only costs $7.In its first 24 hours, the Disney+ video streaming service already managed to gain 10m
customers even though it is currently only available in the US, Canada and the Netherlands.The service's launch was plagued with technical
issues though a few customers reported losing access to their accounts entirely
These users had their accounts taken over by hackers who logged them out of all of their devices and then changed the account's email and
password to lock the previous owner out.The hackers behind these account takeovers were able to mobilize quickly to steal Disney+ account
credentials and make them available for sale online
This suggests that they either gained access to these accounts by either using leaked credentials from past data breaches or by using
info-stealing malware.Hacking forums now have thousands of Disney+ accounts available for sale but ZDNet also discovered that some forums
were giving away these credentials for free so that the hacker community could use and share them with others.Technical program manager at
HackerOne, Niels Schweisshelm explained how Disney can combat these account takeovers by implementing two-factor authentication for its
service, saying:"It’s no surprise that cybercriminals jump on the same bandwagon as everyone else when there’s a big new consumer launch
The scale of fresh accounts means it’s very much worth their while to invest in attempting to compromise them – cybercriminals can rely
on consumers’ security apathy to give them an easy win. "This research should act as a reminder to all consumers about the importance of
securing online accounts with strong, complex passwords
The trouble is, Passwords are the worst option for secure authentication, but we don’t yet have anything better
For the foreseeable future, people will have to continue making passwords work for them, whether that is using personal algorithms to keep
track of them or using password managers
Organizations can do their part by implementing and pushing or even mandating two-factor authentication so that even if passwords are
breached, the damage is contained
However, I don’t think we’ll see easy, small-scale theft like that of streaming service accounts brought under control anytime
