In a galaxy far, far away, there is no such thing as cyber-crime. On planet earth, the struggle is real and Disney is hearing about it this week.
Soon after the launch of Disney+, thousands of customers claim to have had their accounts hacked.
According to an investigation by tech site Zdnet, hackers have stolen thousands of customers’ accounts and put them up for sale on the dark web. Many customers say they have waited hours to have their accounts restored, but without resolution.
Hackers are selling Disney+ accounts for as little as $3, the investigation found. The BBC also found several hacked customer accounts for sale on the dark web.
Many customers say they used new userIDs and passwords when setting up their accounts, but online data analysts say some accounts were stolen because people use the same passwords for different sites. Disney+ does not have two-factor authentication, which can help guard against cyber attacks such as credential stuffing.
Some users have also expressed concern because they can use their same Disney+ login to access the Disney store and Disney theme park accounts.
Disney told us, “Disney takes the privacy and security of our users’ data very seriously and there is no indication of a security breach on Disney+.”
Personal accounts are locked if the studio detects suspicious activity, we were told.
In the digital age, account break-ins are a relatively common scourge for the other streamers and their customers.
Disney launched its rival to Netflix and Amazon Prime last week in the U.S., Canada and Netherlands. The studio says it already has 10M subscribers, with monthly sign-up costing $7. On the service’s first day, tech hiccups were reported on social media.