The start of a highly anticipated streaming service from The Walt Disney Company endured an unsuccessful rollout as thousands of Disney+ user accounts were stolen and put up for sale on the so-called “Dark Web” after it first went live.
Disney+ is the new subscription-based streaming service that was officially launched on November 12. The service, although available only in the United States, Canada and the Netherlands, attracted more than 10 million subscribers in the first 24 hours.
Just a hours after the launch of the service, attackers hacked user accounts and offered them for free on hacker forums or sold them at prices from $3 to $11, which is more than the official Disney+ account price of $7.
Many users reported that the hackers gained access to their accounts, logged them out, and then changed the email addresses and passwords, which effectively seized the account and blocked access for the actual owner.
A Disney spokesperson emphasised that the company “takes the privacy and security of users’ data very seriously and there was no indication of a security breach to Disney+”.
The fear now is that some users often use the same email address and password for several sites, including Disney+, which would leave their confidential information exposed to a major security breach.
Disney+ is the Walt Disney Company’s addition to the ever-growing landscape of on-demand streaming content, which already includes Netflix, Hulu, Amazon Prime, amongst others.