TECHNOLOGY

Disney Plus Blames Past Hacks For User Accounts Sold Online

Nov 20, 2019, 4:22 PM
Disney+ has arrived to try and reshape the streaming landscape. (CNN Business' Frank Pallotta)
(CNN Business' Frank Pallotta)

(AP) — Disney said Disney Plus account passwords being sold in underground hacking forums are coming from previous breaches at other companies, predating last week’s launch of its streaming service.

The company reiterated Wednesday that it found no evidence of a security breach and that account problems are limited to “a very small percentage of users” of Disney Plus.

Disney and other traditional media companies are trying to capture the subscription revenue now going to Netflix and other streaming giants. Helped by promotions, including a free year for some Verizon customers, Disney Plus attracted 10 million subscribers on its first day.

The news site ZDNet found stolen account usernames and passwords selling for $3 on underground hacking forums. Disney’s streaming service costs $7 a month or $70 a year.

Despite warnings by security experts, users often reuse passwords at multiple services, meaning a breach at one opens the door for a hacker to gain access to the others.

Users can easily avoid this by using strong passwords that are unique for each service, said Troy Hunt, an Australian security researcher whose “Have I Been Pwned?” website alerts people when their identity information is stolen.

But Hunt said Disney should implement better security measures.

“The Disney situation appears to be yet another credential stuffing attack where hackers exploit a combination of customers reusing passwords and the service provider not providing sufficient defenses to stop it,” Hunt said in an email.

Paul Rohmeyer, a professor at the Stevens Institute of Technology in Hoboken, New Jersey, said he’s surprised that streaming services haven’t yet implemented better security such as multi-factor authentication.

With multi-factor authentication, users must enter a code sent as a text message or email when logging in from a new device. The code helps ensure that people using stolen passwords or guessing them can’t use a service without also having access to the legitimate user’s phone or email account.

Rohmeyer said services may be hesitant to implement tougher security because they don’t want to be seen as more inconvenient than competitors.

Multi-factor authentication is an option for many non-streaming services, including Google, Facebook and Apple, but the extra security must be turned on. Disney Plus does require codes sent by email when changing account passwords, but it doesn’t use them for logging in from new devices.

Multi-factor authentication is harder to implement for services that are shared in households, as multiple users would need access to the same phone or email account. While Disney Plus, Netflix and Hulu let family members create their own profiles, with separate watch lists and preferences, they all share the same username and password. Apple TV Plus gets around this by having each family member sign in with a separate Apple ID.

KSL 5 TV Live

Top Stories

Technology

(Photo: Vivint)...
Michael Houck

NRG Energy set to purchase Vivint Smart Home

The North American power and energy company announced its purchase of the Provo-based smart home company on Tuesday. 
1 day ago
NASA's Orion spacecraft beamed back close-up photos of the moon and Earth on Monday, Dec. 5, 2022. ...
MARCIA DUNN AP Aerospace Writer

NASA capsule flies over Apollo moon landing sites, heads home

NASA's Orion capsule is on its way home from the moon to wrap up a three-week test flight. The capsule and its test dummies came within 80 miles of the far side of the moon Monday.
2 days ago
The Twitter emblem is displayed on a smart phone outside the Twitter offices in Dublin on November ...
Ramishah Maruf, CNN

Elon Musk speaks out on ‘Twitter Files’ release detailing platform’s inner workings

(CNN) — Twitter owner Elon Musk spoke out on Saturday evening about the so-called “Twitter Files,” a long tweet thread posted by journalist Matt Taibbi, who had been provided with details about behind-the-scenes discussions on Twitter’s content moderation decision-making, including the call to suppress a 2020 New York Post story about Hunter Biden and his […]
3 days ago
(Photo by Bethany Clarke/Getty Images)...
Brian Fung, CNN

Released Twitter emails show how employees handled 2020 New York Post Hunter Biden story

Elon Musk teased Twitter users a few days ago with the promise of information on Twitter's content moderation policies, now known as the "Twitter Files."
4 days ago
FILE - This undated artist rending provided by the U.S. Air Force shows a U.S. Air Force graphic of...
TARA COPP Associated Press

Pentagon debuts its new stealth bomber, the B-21 Raider

The United States' newest nuclear stealth bomber is making its public debut after years of secret development. The new bomber is part of the Pentagon's answer to rising concerns over a future conflict with China.
5 days ago
F.B.I. Director Christopher Wray speaks at a press conference at the U.S. Department of Justice on ...
ERIC TUCKER, Associated Press

FBI director raises national security concerns about TikTok

FBI Director Chris Wray is raising national security concerns about TikTok, warning Friday that control of the popular video sharing app is in the hands of a Chinese government “that doesn't share our values.”
5 days ago

Sponsored Articles

house with for rent sign posted...
Chase Harrington, president and COO of Entrata

Top 5 reasons you may want to consider apartment life over owning a home

There are many benefits of renting that can be overshadowed by the allure of buying a home. Here are five reasons why renting might be right for you.
Festive kitchen in Christmas decorations. Christmas dining room....
Lighting Design

6 Holiday Decor Trends to Try in 2022

We've rounded out the top 6 holiday decor trends for 2022 so you can be ahead of the game before you start shopping. 
Happy diverse college or university students are having fun on their graduation day...
BYU MBA at the Marriott School of Business

How to choose what MBA program is right for you: Take this quiz before you apply!

Wondering what MBA program is right for you? Take this quiz before you apply to see if it will help you meet your goals.
Diverse Group of Energetic Professionals Team Meeting in Modern Office: Brainstorming IT Programmer...
Les Olson

Don’t let a ransomware attack get you down | Protect your workplace today with cyber insurance

Business owners and operators should be on guard to protect their workplace. Cyber insurance can protect you from online attacks.
Hand turning a thermostat knob to increase savings by decreasing energy consumption. Composite imag...
Lighting Design

5 Lighting Tips to Save Energy and Money in Your Home

Advances in lighting technology make it easier to use smart features to cut costs. Read for tips to save energy by using different lighting strategies in your home.
Portrait of smiling practitioner with multi-ethnic senior people...
Summit Vista

How retirement communities help with healthy aging

There are many benefits that retirement communities contribute to healthy aging. Learn more about how it can enhance your life, or the life of your loved ones.
Disney Plus Blames Past Hacks For User Accounts Sold Online