The demand for access to Disney+ has resulted in thousands of accounts being on sale on the Dark Web. ZDNet reported that Disney’s streaming service was only released on November 12. Despite the few days since the Disney+ launch, thousands of accounts have been hijacked and posted for sale for varying prices.
In fact, accounts have been hacked and stolen by attackers within mere hours after the release. Hacking forums have also been flooded with such offerings. On a dark web marketplace, the subscriptions are sold between $3 to $11.
The report noted that the prices offered on hacking forums are higher than the original price for a Disney+ subscription. A legitimate subscription is only $7.
However, ZDNet also found out that some illegitimate subscriptions are offered for free. Several users are set to share access. It is important to note that the platform allows account sharing.
Upon launching, the company has recorded over 10 million customers who registered for the service within 24 hours. This is despite being accessible only by users in the United States, Canada, and the Netherlands.
However, the platform is far from perfect as users have reported a bunch of technical issues. Many of the complaints involve the failure to stream some movies and shows. A significant flaw, which was “hidden in the flood of complaints,” is a collection of reports of users “losing access to their accounts.” According to complainants, hackers are taking over their subscriptions by getting unauthorized access, logging out from all devices and changing the login credentials.
ZDNet’s investigation of the attacks revealed that some users reused passwords for multiple accounts, while some used unique passwords. According to the report, “this suggests that in some cases hackers gained access to accounts by using email and password combos leaked at other sites.” However, those who used unique passwords might be “infected with keylogging or info-stealing malware.”
Meanwhile, Forbes noted that recovering the accounts can be difficult. The reporter reminded would-be users to use a trustworthy password manager before signing up for the service. Using a unique password can also help.
Both the Forbes and ZDNet reporters have reached out to Disney for comment. ZDNet emphasized the possible course of action which the company will take to address the issue. However, both reporters are yet to receive a response as of this writing.