Thousands of Disney+ accounts have been hacked, sold online on dark web: reports

Click to play video: 'Thousands of Disney Plus accounts have been hacked, sold online on dark web, reports say'
Thousands of Disney Plus accounts have been hacked, sold online on dark web, reports say
According to reports, thousands of Disney Plus accounts have been hacked with some being sold online through the dark web – Nov 18, 2019

Thousands of Disney+ accounts have been hacked and are being sold online on the dark web, according to a report published Monday.

Tech news website ZDNet published a story where it had found thousands of Disney+ accounts were either being offered for free or sold online across several hacking forums.

Some of the accounts were priced as low as $4 (US$3) to as much as $14.50 (US$11). The cost of a subscription to Disney+ in Canada is $8.99 a month — well below the price of what was being sold online.

READ MORE: Disney Plus? Apple TV Plus? Here’s how major streaming video services in Canada compare

Read next: U.S. shoots down suspected Chinese spy balloon over Atlantic ocean

In a statement to Global News, Disney did not confirm whether or not the accounts on its platform were being hacked, but said there was no sign of a security breach on Disney+.

Story continues below advertisement

“Disney takes the privacy and security of our users’ data very seriously and there is no indication of a security breach on Disney+,” said a Disney spokesperson.

The streaming service launched on Nov. 12 and gathered more than 10 million customers within the first 24 hours. To date, the platform is only available in Canada, the Netherlands and the U.S.

Click to play video: 'Disney+ experiences crashing due to high demand on launch day'
Disney+ experiences crashing due to high demand on launch day

According to ZDNet, many of the accounts listed the type of subscription the user had, their account’s location and when it expired.

Several users of the service have taken to social media to voice their frustration, with some complaining they had completely lost access to their accounts after hackers logged them out after changing their passwords.

Story continues below advertisement

Story continues below advertisement

Emrielle Shenher told Global News that she woke up to an email Sunday indicating that her Disney+ password had been changed.

After logging into the Disney+ app, Shenher said she had found several new viewer profiles on her account and that despite changing her password several times, as well as the email linked to the account, the intruder was still logged in.

READ MORE: Disney+ launch ‘exceeded’ expectations despite glitches, connection problems: Disney

Read next: Canada expands Falooda Drink recall over undeclared milk to include multiple flavours

“Unlike Netflix, I don’t think Disney+ logs off the devices once the password has been changed,” Shenher told Global News in an email.

Story continues below advertisement

“So once they were initially logged in, now they’re in forever and it doesn’t give an option to log out of other devices.”

Blake Babin also told Global News that he started receiving emails of his account password being changed at 4:24 p.m. Since then, Babin says he has received over 30 emails by the time of publication, despite also having changed his password and email twice.

A screenshot of Blake Babin’s email provided to Global News after saying that his password had been changed multiple times by a hacker trying to access his account. Blake Babin

Both Shenher and Babin said they have tried to contact Disney to resolve the service, but have not been able to get in touch with customer service because of what they cite as long wait times.

Click to play video: 'Disney+ adds disclaimer for racially and culturally ‘insensitive’ content'
Disney+ adds disclaimer for racially and culturally ‘insensitive’ content

In an interview with BBC News, CyberInt lead researcher Jason Hill said that many of the accounts were stolen because users probably used the same passwords across different sites.

Story continues below advertisement

Hackers may take passwords from websites that have previously been hacked and try them on new sites or platforms such as Disney+, he said.

READ MORE: As Disney+ comes to Canada, households will be less dependent on cable: analysts

Read next: How old electric car batteries could power the future

“Whilst many may consider having a unique password for each online service to be difficult to manage, password managers simplify this process and allow you to generate and securely store unique difficult-to-guess passwords,” Hill told BBC News.

Disney customer service is not new to complaints. The launch of Disney+ was marred by reports of technical issues that left some users unable to stream or access the service because of the number of people accessing the platform.

Follow David Lao on Twitter

Sponsored content