Thousands of Disney+ accounts stolen by hackers
BURBANK, CALIFORNIA — Hackers started targeting Disney's new streaming service just hours after it was launched on November 12.
Hackers were able to gain access to users' Disney+ accounts and lock them out of all of their devices that had access to the service, according to an investigation by ZDNet.
They were also able to change the email address and password of the user's streaming service account, essentially taking over the account.
The report suggests that hackers may have stolen user credentials through keylogging or via malware designed to steal data.
In some cases, hackers may have used emails and passwords leaked from other websites to gain access to the Disney+ accounts.
The ZDNet report suggested Disney+ could provide multi-factor authentication for a more secure login to prevent hackers from gaining easy access to user accounts through previously used passwords.
The report also advised users to set unique passwords for each online account.
The streaming service is currently available in the U.S., Canada and the Netherlands.
Thousands of Disney+ accounts were found for sale on hacking forums online, with prices ranging from US$3 to US$11.
An authentic Disney+ account costs US$7 per month.
The report even found free Disney+ accounts online that are available to be shared with others in the hacking forum.
According to ZDNet, Disney has yet to respond to requests for comments on the streaming service's security issues.