Disney+, security problem: thousands of accounts already hacked

Disney+ has been launched for less than a week and already the first cybersecurity problems are appearing: here's what's happening

The brand new Disney+ streaming content service, less than ten days after its launch, has already set a couple of records: it has been stormed by users, with ten million subscribers in the first week, and also by hackers, who have already stolen thousands of profiles.

According to what dozens of Disney+ subscribers have reported, in fact, they were flooded with phishing e-mails shortly after subscribing. Moreover, on the dark web, the first databases containing thousands of hacked Disney+ profiles have already appeared. What has happened? Whose fault is it? It's not clear yet, because everything has happened really fast, but it would seem that the blame for all this is to be divided between Disney and its users. Disney would have set up an insecure system compared to the current standards, while the latter would have been too superficial in choosing the credentials for the login.

Hacked Disney+ accounts: users' faults

According to the well-known cybersecurity company Bitdefender, behind this unpleasantness there would be "a combination of factors including users' carelessness and lack of security". Users, in practice, would have made the usual mistake: using to connect to Disney+ the same data already used (and already stolen) for other online profiles. The hackers would have simply taken data they already had and used it to attempt to access Disney+. And, magic, in many cases they succeeded. One of the rules of computer security, however, is to have a different username and password for each account you sign up for online and, in case it's hard to remember them all, to use a good password manager. In this way you can also choose, and not forget, strong passwords made up of a combination of upper and lower case letters, numbers and symbols.

Hacked Disney+ accounts: Disney's faults

But according to Bitdefender, Disney also didn't do everything possible to protect its users. Disney+ accounts, for example, don't have the two-factor authentication that protects users from most security problems. A lack, the latter, that one wouldn't expect from a giant like Disney in late 2019.

If Disney+ accounts had been protected by two-factor authentication, in fact, as soon as a hacker tried to access a profile from a different geographical location and a different device, compared to those of the legitimate user, the latter would have received a warning and a code to confirm or block the access.