'Thousands' of Disney+ accounts hacked, sold online within hours of site launch

The streaming service has just launched in NZ.
The streaming service has just launched in NZ. Photo credit: Getty

The launch of Disney's new streaming service has been rocked by thousands of accounts being hacked.

On Tuesday, Disney+ went live in New Zealand - a week after its US debut. 

But within hours of the launch, Disney+ users' accounts were being sold online, reports business and technology news site ZDNET.

Many users reported people were accessing their accounts, logging them out of all devices and then changing the account password - locking out the paying user.

 

One of the ways this can be done is by phishing. Hackers send users emails which appear to be from Disney+, using similar branding and wording.

The emails will ask the user to log in to their account, or provide confidential information.

Once this is done, hackers can easily gain access to the users account.

Netsafe recommends ignoring any emails which ask for personal information such as bank details, credit card information or passwords.

Ten million people from the US, Canada and the Netherlands signed up to the service with the first week and thousands of them have had their accounts jeopardised, reports ZDNET.

A quick Twitter search revealed multiple people advertising stolen usernames and passwords.

'Thousands' of Disney+ accounts hacked, sold online within hours of site launch
Photo credit: Twitter.
'Thousands' of Disney+ accounts hacked, sold online within hours of site launch
Photo credit: Twitter

Another way these hackers could have gained access is credit stuffing - hackers targeting people who have had their confidential information leaked in previous data breaches. 

More than 3.3 billion credentials were stolen in 2016, according to research by Shape Security.

That leaked information is easily accessible online, meaning people can trawl through it and try different platforms to see what password fits.

The advice is to never re-use a password, and ensure your passwords are unique.

If you are the victim of a data breach, Cert NZ recommends immediately strengthening all passwords and adding two-step verification - a security code sent to your cell phone which you have to enter when logging in to a site.

 

 

Contact Newshub with your story tips:
news@newshub.co.nz