Within hours of the launch of the Disney+ streaming service, online attackers logged into users’ accounts, changed the passwords, and began selling the accounts on the dark web. Compromised accounts number in the thousands.
A BBC report quotes a Disney+ spokesman as saying: “Disney takes the privacy and security of our users’ data very seriously and there is no indication of a security breach on Disney+ …”
How, then, were attackers able to compromise that many accounts in just a couple of weeks? A ZDNet report suggests that attackers:
- Tried logins and passwords stolen from other websites, counting on some users having used the same password on multiple websites
- Stole logins and passwords directly from Disney+ users’ computers using malware
Fortunately, you can protect yourself from both of these tactics:
- Use strong, unique passwords for each of your online accounts
- Always use AntiVirus software on your computer, as well as other internet-capable devices
See our guide 5 steps for securing your computer to learn more.