Disney+ amassed an astonishing 10 million customers within the first 24 hours of its launch, which is commendable in itself. But that’s not the only shocking news circulating about the Netflix rival. Thousands of Disney+ accounts have been hacked within hours of their subscription, some having 3+ years of prepaid accounts, and are being either offered for free on hacking forums or sold at prices starting from $3 to $11. 

A ZDNet investigation has discovered that many users have complained about losing access to their accounts and reported that hackers were accessing their accounts. They have been logged out of all their devices and their account’s password and email id have been changed, locking the owner out of the Disney+ subscription they purchased. 

Apparently, Disney+’s customer service wasn’t ready for such a scenario as the users of the platform are less than happy at the pace their complaints are being dealt with. While some users admitted to reusing old passwords, most of them created unique passwords for their Disney+ accounts. This means that either the hackers gained access to their accounts via email and password combos leaked at other sites or the users were infected with keylogging or info-stealing malware.

This is not the first that user credentials have been hacked and sold, as other platforms like Hulu, Netflix, Amazon Prime, have been facing this issue for years. The appearance of stolen accounts on hacking forums and them being sold at a price higher or lower than the actual subscription amount is nothing new.

What can be done now?

While Disney is yet to come out publicly about the security systems it has in place to deal with such scenarios, at the moment, it can help future users by providing multi-factor authentication, that would prevent hacking of accounts which reuse passwords. 

At the same time, new users of Disney+, who are yet to set up their account on the streaming platform, should opt for creating unique passwords for their account. While this won’t save their accounts from malware on their devices from stealing their passwords, it will put a stop to hackers just guessing the password and gaining access to your account.