Disney+ Hacked? Was It Inevitable? 1 Way to Secure Your Account Now
Was Disney+ Hacked? Some experts think so. I disagree.
Disney+ launched just one week ago and the reviews are in. It’s a great service with a good package deal. You get Disney+, Hulu, and ESPN+ for just $12.99/month.
Even better than the deal is the content. Who wouldn’t love to have access to every Star Wars, Marvel Universe, and Pixar movie plus countless Disney classics?
The content is so amazing that even hackers are stealing and reselling accounts! On the Dark Web, you can purchase a Disney+ account for $3! That’s a great deal, right?
Was Disney+ Hacked? Some experts think so. I disagree.
Whoa, wait? What Are You Talking About?
As expected, millions of people signed up for Disney+. 10 million-plus to be exact. Of those 10 million subscribers there are a reported 4000 accounts compromised. This is less than .04% of the total subscribers on the platform, but still a significant number.
Those 4000 subscribers no longer have access to their accounts because the thief changed the credentials. Other than calling the bank or credit card vendor they do not have any recourse.
What Do the Cyber Security Experts Say? Was Disney+ Hacked?
This is the part that gets me. I wasn’t even going to write a blog about the Disney+ hacks because it seemed trivial at first.
There are so-called Cyber Security experts claiming, and reporting, that Disney+ was hacked.
That is not how these accounts were compromised. These accounts were compromised because of one or both of the following reasons.
- Weak Passwords
- Reused Passwords
Thieves and others who use the dark web keep lists of passwords that have been cracked or stolen. These lists are sold to whoever wants to buy them, sometimes along with usernames and/or email addresses.
If you use firstname.lastname@example.org with a password of abc123, and that username/password combination has been hacked (it has) then it is on a list on the dark web. Anyone can purchase that list and try those credentials on other sites like Disney+.
The password I used in the example (abc123) is also a weak password. It can easily be cracked with a brute force attack. And then sold on the dark web.
What Can Disney+ Subscribers Do?
It’s simple. Use different passwords for every account you have and use strong passwords.
A strong password consists of UPPERCASE, lowercase, numbers, and special characters. It should be as long as possible. The longer the better. It takes exponentially much more time to crack a 10-character password than it does an 8 character password.
You can also use a passphrase like a movie quote or song lyric. You will still want to use UPPERCASE, lowercase, numbers, and special characters.
My passwords are all at least 15 characters.
The next question I am always asked is how do you remember all your passwords. The answer is I don’t. I use a password manager. There are tons of them out there, but I recommend LastPass for those that want to use a web-based password manager, and KeePass for those that prefer one, not on the internet.
What Can Disney+ Do Differently?
Now that I have scolded you about your password policy lets talk about what Disney+ can do differently.
First, I don’t feel they are handling the complaints very well based on what I have seen reported. If a subscriber calls and tells you that their account cannot be accessed or has been stolen it’s not hard to investigate that and take action to close the account.
The bigger problem I see is the lack of 2FA options. Disney+ launched with no 2FA (Two-Factor Authentication) option and as of this writing still does not have one.
With that, I don’t believe that would have stopped the 4000 accounts from being hacked. If they’re already using weak passwords, then they probably find 2FA to be too cumbersome.
It was one of the first things I checked for. Netflix and Hulu do have a 2FA option (turn it on if you have not already).
Disney should also consider using geofencing to a point. If you’re outside of your normal area, then you should have to verify you are who you say you are.
May the Force Be with You
Disney+ was not hacked. Your account details were. It’s that simple. Use better and different passwords.
Disney is not off the hook though. They need to improve the security of the platform. With these seemingly basic options not being available, I wonder what else is lacking as far as security is concerned.
At the end of the day, cybersecurity is everyone’s job. It is your responsibility to learn how to better protect yourself online. Hopefully, this blog post helps a little.
I’m still going to watch the Mandalorian this week though.
Personally it is the type of subscription that is worth doing, even for the sake of costs, so why hack it?
As always, people are responsible for their own safety – online as well. We can´t outsource every relevant stuff:-)
Being hacked nowadays is a very probable thing. All I hear around me is that everyone has been hacked.
Eek, I heard about this! We don’t have Disney + yet and I’m glad I waited. I always try to make sure to have different passwords for each place I go to just in case.
It takes a little bit of work to keep up with good passwords, but an organized system helps out! As long as I stay on top of things and keep a record, I’m good.
Oh man, we literally just got Disney+. I guess it was bound to happen. Thanks so much for sharing this with us!
Wow, that’s a little scary to think about. I think our account is safe for the time-being. And we’ve loved watching all the content!!
I hope I will never be hacked but I know it’s quite popular and big problem nowadays
Already? It’s only been launched. I’m glad I was waiting.
such needed info! I had no idea it was hacked and we just signed up!
We should always remember about protecting ourself against being hacked. I didn’t know that even Diney + can be under this threat. 🙂
Cyber security is a very serious threat and should be taken very very seriously! But as you said, it starts with us the users.
I didn’t know Disney got hacked. It makes sense that it would though; I think everything online does, can or will.
These are some great tips. Having a strong password is really beneficial.
I did not about this! I got my account during the weekend, but I never heard of Disney + being hacked. It’s really hard to keep everything safe online. This is good to know though.
I read about this before, it is really unpleasing. I don’t know if I ever subscribe to Disney+, not that mush of star wars and old classic cartoons fan
Being hacked becomes easy these days, if you won’t be careful. Good thing there are pre-cautionary steps to take. This is absolutely helpful.
How interesting, thinking of subscribing but will def Follow your security tips
Internet safety is vital. In today’s world, we must be really careful