Less than a week after launch, thousands of Disney Plus accounts have been infiltrated by hackers and put on sale on the dark web for as little as $3…
Just days after amassing millions of subscriptions following its initial launch, thousands of newly-created Disney+ accounts have already been hacked and put up for sale on the dark web for as little as $3 to $11, according to ZDNet and other sources.
Thousands of Disney Plus Accounts Hacked and Put Up for Sale on the Dark Web
Disney+ officially debuted in three countries last Tuesday — the United States, Canada, and the Netherlands. In under 24 hours, the service gained over 10 million subscriptions and experienced more than 3.2 million mobile app downloads. (Industry experts wrongly predicted the service would reach between 10 and 18 million subscribers in its first year.)
Following its release, more than legitimate paying customers were logging into the streaming service. In a matter of days, hackers were already taking over customers’ accounts, logging them out of their devices, and changing emails and passwords.
Hackers then proceeded to put the hijacked accounts up for sale on the dark web, with prices ranging from just $3 to $11.
Security experts suspect the hackers would also use the stolen information for what’s known as “credential stuffing.”
This is the practice of using active username and password combinations in attempt to infiltrate other accounts and services. For instance, bank accounts, credit cards, as well as subscription services and other things. Hackers do this because consumers regularly use the same credentials to login to multiple sites.
Disney is aware of the problem. A spokesperson for Disney told CNBC the company “takes the privacy and security of our users’ data very seriously and there is no indication of a security breach on Disney+.”