Tech news website ZDNet published a story reporting that it had found thousands of Disney+ accounts either being offered for free or sold online across several hacking forums.
Some of the accounts were priced from as low as $4 (US$3) to as much as $14.50 (US$11). The cost of a subscription to Disney+ in Canada is $8.99 a month — well below the price of what was being sold online.
In a statement to Global News, Disney did not confirm whether or not the accounts on its platform were being hacked, but said there was no sign of a security breach on Disney+.
“Disney takes the privacy and security of our users’ data very seriously and there is no indication of a security breach on Disney+,” said a Disney spokesperson.
The streaming service launched on Nov. 12 and gathered more than 10 million customers within the first 24 hours. To date, the platform is only available in Canada, the Netherlands and the U.S.
According to ZDNet, many of the accounts listed the type of subscription the user had, their account’s location and when it expired.
Several users of the service have taken to social media to voice their frustration, with some complaining they had completely lost access to their accounts after hackers changed their passwords and logged them out.
Emrielle Shenher told Global News that she woke up to an email Sunday indicating that her Disney+ password had been changed.
After logging into the Disney+ app, Shenher said she had found several new viewer profiles on her account and that despite changing her password several times, as well as the email linked to the account, the intruder was still logged in.
“Unlike Netflix, I don’t think Disney+ logs off the devices once the password has been changed,” Shenher told Global News in an email.
“So once they were initially logged in, now they’re in forever and it doesn’t give an option to log out of other devices.”
Blake Babin also told Global News that he started receiving emails about his account password being changed at 4:24 p.m. Babin says he had received over 30 such emails by the time of publication, despite also having changed his password and email twice.
Both Shenher and Babin said they have tried to contact Disney to resolve the issue, but have not been able to get in touch with customer service because of what they cite as long wait times.
In an interview with BBC News, CyberInt lead researcher Jason Hill said that many of the accounts were stolen because users probably used the same passwords across different sites.
Hackers may take passwords from websites that have previously been hacked and try them on new sites or platforms such as Disney+, he said.
“Whilst many may consider having a unique password for each online service to be difficult to manage, password managers simplify this process and allow you to generate and securely store unique difficult-to-guess passwords,” Hill told BBC News.
Disney customer service is not new to complaints. The launch of Disney+ was marred by reports of technical issues that left some users unable to stream or access the service because of the number of people accessing the platform.
Follow David Lao on Twitter