On November 16, ZDNet reported that thousands of Disney+ users have had their accounts compromised by malicious operators. The site’s investigators found hackers offering login credentials for the streaming platform across the dark web. However, it’s not clear if the entertainment conglomerate’s systems suffered a data breach. Consumer error may be to blame.
Launch Day Hacks
As noted by ZDNet, Disney+ users discovered that their accounts had been subverted shortly after the service launched on November 12. Indeed, many users took to social media, noting that they lost access to the platform because their credentials had been altered. Unfortunately, because Disney+ encountered widespread technical problems at its launch, many consumers faced long wait times when contacting customer service.
After investigating, the publication found that rogue operators had posted Disney+ account information belonging to thousands of users on various dark web forums. Conversely, other hackers offered to sell user credentials for between $3 and $11. The BBC launched an investigation into the hacking claims and found listings for thousands of compromised accounts.
Notably, Disney priced its streaming service at $6.99 per month. However, the corporation hasn’t made the platform available globally yet.
Data Breach or Reused Credentials?
Given the number of users affected, it appears that hackers have breached Disney’s internal network. However, ZDNet offered another explanation for why so many user accounts had been compromised so quickly. The site noted that hackers might have reused previously exposed login and password information to access the platform.
Indeed, users told the publication that they often utilize their credentials on multiple services. CyberInt researcher Jason Hill told the BBC that reused credentials likely played a role in the Disney+ account hacks.
A Disney spokesperson told CNBC, “There is no indication of a security breach on Disney+.” However, several users that ZDNet spoke to said they used unique passwords and logins for the streaming platform. It is worth noting that the entertainment corporation’s Netflix alternative does not utilize multifactor authentication. Though, to be fair, none of the major streaming platforms do.
A Troubled Start
Although Walt Disney Studios is one of the largest content production companies in the world, the launch of its streaming service has been unexpectedly rocky.
In August, the corporation reported that its direct-to-consumer division incurred a loss of $553 million because of Disney+. In the preceding quarter, the firm spent almost $1 billion establishing the streaming service. Moreover, it dedicated around $100 million to make its “Star Wars” spin-off series “The Mandalorian” feel appropriately cinematic.
Besides, the studio intends to spend a staggering $25 million per episode on its forthcoming Marvel Cinematic Universe TV spin-offs.
Initially, Disney’s big bet on streaming had seemingly paid off. On November 13, CNBC reported that the service received more than 10 million sign-ups within 24 hours. The platform’s connectivity issues frustrated a host of curious consumers. Moreover, the fact that thousands of users have had their accounts compromised this soon is a black eye.
With its tremendous financial resources, Disney can fix its new platform’s issues. However, consumers have a host of quality options in the video-on-demand market.
As such, the 90 million customers that the corporation hopes to acquire by 2024 may avoid the service until its reputation improves. With all the money that the studio is pouring into the project, Disney+ may not be around long enough to earn a second chance.