It’s been a few days since Dinsey Plus released, and already there has been news of hackers taking over most of the users’ accounts. These hacked accounts are then sold out for free or on sale at minimum prices. The streaming devices managed to gain around ten million users within 24 hours of its release, even though it has not yet reached the US, Canada, and the Netherlands. After certain hours of its release, there were technical issues from the customers, which stated that the customers were not able to have access to their accounts.
The hackers had crept into these accounts and made sure to log them out from all devices and then take over the account. These hackers were able to get the credentials of the users through past data, and if that’s not the case, then they must have used information stealing techniques, to have access to these accounts. The hackers got the credentials, logged into the account, changed the email id, and the password of the account, and even logged the user out of all devices. Later, when the user tried to log in, he/she could not get through it.
Niels Schweisshelm, the technical program manager at HackerOne, stated that Disney could use a two-step authentication feature, to make the accounts safe and free of hackers.
“It’s no surprise that cybercriminals jump on the same bandwagon as everyone else when there’s a big new consumer launch. The scale of fresh accounts means it’s very much worth their while to invest in attempting to compromise them- cybercriminals can rely on customers apathy to give them an easy win,” stated Neils when asked bout the situation in an interview.
Furthermore, Disney has stated that it “takes the privacy and security” of the users’ data very seriously and also that “there is no indication of a security breach on Disney Plus.” There are even assumptions being made that most of the users used the same email id and password for a various number of sites, which also includes Disney Plus, and through data collected from other websites, the hackers were able to extract the credentials and use it for their own will.
The company’s cybersecurity expert stated to CNBC, indicating that this might be a case of “credential stuffing” where the hacker “automates the process of trying usernames and password on a targeted site.” This particular method of “credential stuffing” is mostly used as many users use the same email ids and passwords for several sites, and due to any leakage from any of the sites, one can get the credentials.
Well, for now, Disney Plus is trying to solve this problem along with increasing the security breach of its streaming service, so that any such cases can be avoided in the future. Moreover, it is being advised to the users to change their passwords and email ids to remain safe from the hackers’ attacks. You can use another email id or another password while creating a Disney Plus account, or it would even be safe not to create one, at least for the time being, till a solution has been devised.