It turns out that the account was hacked and sold for sale right after the Disney + service started
Disney's unique streaming service, “ Disney + ”, is reported to have exceeded 10 million registered users on the first day of service launch on November 12, 2019. Looking at the number of registered users, Disney + is said to have made a good start, but it turned out that a large number of accounts were hacked and sold on the dark web in just a few hours after the service started.
Thousands of hacked Disney + accounts are already for sale on hacking forums | ZDNet
First, Disney +, which was launched in the United States, Canada, and the Netherlands, distributes numerous works such as Disney live-action movies, animations, and related TV programs. The Disney + app continued to reign on the top of all day installs on the App Store and made a good start, with over 10 million paid members.
On the other hand, a technical problem occurred on the first day of the service, and many users reported that they could not play their favorite movies and programs. In addition, ZDNet , an American news site, pointed out, 'Some users report that they've lost access to their accounts behind a service failure.' Some users who have lost access to their account claim that the hacker has hacked into their account and changed their account email and password.
A user who reports that 'My account has already been hacked about 10 hours after Disney + started ...'
DISNEY + HAS BEEN OPEN FOR LIKE 10 HOURS AND MY ACCOUNT HAS ALREADY BEEN HACKED pic.twitter.com/YBv6CfwTlh— Brandon ʕ · ᴥ · ʔ (@brandoncult) November 12, 2019
'Disney + 's departure is terrible. Apparently many accounts are hacked and sold online, but customer service doesn't help me. My account is hacked, my email address and password You can see some reports on the SNS that the Disney + account was hacked, such as users who complained that 'has been changed.'
Disney + launch has been absolutely horrible. Their customer service is no help at all and apparently hundreds of accounts were hacked and sold online.My account got hacked & email / password changed, thankfully I cancelled my subscription before the hack.— Harry (@ Harry8__) November 15, 2019
ZDNet seems to have contacted users who reported that their Disney + account was hacked, two of whom said they used the same password as other services. However, other users claim that the Disney + password was unique, and hackers sometimes used a combination of email address and password that was leaked from other sites, or stolen credentials by malware etc. It points out that there may be.
Hackers are selling Disney + accounts at Dark Web hacking forums etc., and the selling price per account is about 3 dollars (about 330 yen) to 11 dollars (about 1200 yen).
If you look at the screen shots released by ZDNet, you can see that Disney + accounts are actively sold in forums. Also, some Disney + account credential lists shared free by the hacker community were found, and in fact ZDNet confirmed that the credentials in the list match the credentials of some users. did.
ZDNet seems to have asked Disney to comment on security to protect users from account hijacking, but there is no answer at the time of article creation. “One of the things that Disney + can do to help users is to support multi-factor authentication,” ZDNet claims.
in Web Service, Security, Posted by log1h_ik