Disney Plus blames past hacks for user accounts sold online

Nov 20, 2019, 3:51 PM | Updated: 4:04 pm
FILE - Wednesday, Nov. 13, 2019 file photo, a Disney logo forms part of a menu for the Disney Plus ...
FILE - Wednesday, Nov. 13, 2019 file photo, a Disney logo forms part of a menu for the Disney Plus movie and entertainment streaming service. Disney Plus says it doesn’t have a security breach, but some users of the new streaming service have been shut out after hackers tried to break into their accounts. (AP Photo/Steven Senne, File)
(AP Photo/Steven Senne, File)

Disney said Disney Plus account passwords being sold in underground hacking forums are coming from previous breaches at other companies, predating last week’s launch of its streaming service.

The company reiterated Wednesday that it found no evidence of a security breach, and that account problems are limited to “a very small percentage of users” of Disney Plus.

Disney and other traditional media companies are trying to capture the subscription revenue now going to Netflix and other streaming giants. Helped by promotions, including a free year for some Verizon customers, Disney Plus attracted 10 million subscribers on its first day.

The news site ZDNet found stolen account usernames and passwords selling for $3 on underground hacking forums. Disney’s streaming service costs $7 a month or $70 a year.

Despite warnings by security experts, users often reuse passwords at multiple services, meaning a breach at one opens the door for a hacker to gain access to the others.

Users can easily avoid this by using strong passwords that are unique for each service, said Troy Hunt, an Australian security researcher whose “Have I Been Pwned?” website alerts people when their identity information is stolen.

But Hunt said Disney should implement better security measures.

“The Disney situation appears to be yet another credential stuffing attack where hackers exploit a combination of customers reusing passwords and the service provider not providing sufficient defenses to stop it,” Hunt said in an email.

Paul Rohmeyer, a professor at the Stevens Institute of Technology in Hoboken, New Jersey, said he’s surprised that streaming services haven’t yet implemented better security such as multi-factor authentication.

With multi-factor authentication, users must enter a code sent as a text message or email when logging in from a new device.

The code helps ensure that people using stolen passwords or guessing them can’t use a service without also having access to the legitimate user’s phone or email account.

Rohmeyer said services may be hesitant to implement tougher security because they don’t want to be seen as more inconvenient than competitors.

Multi-factor authentication is an option for many non-streaming services, including Google, Facebook and Apple, but the extra security must be turned on. Disney Plus does require codes sent by email when changing account passwords, but it doesn’t use them for logging in from new devices.

Multi-factor authentication is harder to implement for services that are shared in households, as multiple users would need access to the same phone or email account. While Disney Plus, Netflix and Hulu let family members create their own profiles, with separate watch lists and preferences, they all share the same username and password. Apple TV Plus gets around this by having each family member sign in with a separate Apple ID.

Today’s Top Stories

Animal Shelter...
Amie Schaeffer

Keeping pets safe during firework season

Salt Lake County Animal Services gives tips to keep pets safe during fireworks to keep them calm and protected.
10 hours ago
Judge Ketanji Brown Jackson is pictured...
MARK SHERMAN Associated Press

Jackson sworn in, becomes 1st Black woman on Supreme Court

Judge Ketanji Brown Jackson, 51, will be sworn as the court's 116th justice Thursday, just as the man she is replacing, Justice Stephen Breyer, retires.
10 hours ago
Immigration activists rally outside the US Supreme Court in Washington, DC on April 26. Photo credi...
Tierney Sneed and Priscilla Alvarez, CNN

Supreme Court says Biden can end Trump-era ‘Remain in Mexico’ immigration policy

The Supreme Court on Thursday gave President Joe Biden the green light to end the controversial "Remain in Mexico" immigration policy.
10 hours ago
The Supreme Court is pictured. The court just limited the EPA...
MARK SHERMAN Associated Press

Supreme Court limits EPA in curbing power plant emissions

The Supreme Court on Thursday limited how the nation's main anti-air pollution law can be used to reduce carbon dioxide emissions from power plants.
10 hours ago
President Joe Biden speaks during a news conference on the final day of the NATO summit in Madrid, ...
DARLENE SUPERVILLE and ZEKE MILLER Associated Press

Biden says transatlantic alliance has adapted to new threats

Biden's comments came at a press conference in Madrid at the conclusion of the annual meeting of NATO leaders and after he attended a summit with the Group of Seven advanced democratic economies in the Bavarian Alps.
10 hours ago
A Rite Aid logo is displayed on its store...
HALELUYA HADERO, AP Reporter

Amazon, Rite Aid cap purchase of emergency contraceptives

Retailers limiting purchases is standard practice that helps retailers prevent stockpiling and reselling at higher prices.
10 hours ago

Sponsored Articles

Tax Harassment...
Jordan Wilcox

The best strategies for dealing with IRS tax harassment | You have options!

Learn how to deal with IRS tax harassment. This guide will teach you how to stop IRS phone calls and letters, and how to handle an IRS audit.
spend a day at Bear Lake...
Bear Lake Convention and Visitors Bureau

You’ll love spending the day at Bear Lake | How to spend a day at Bear Lake

Bear Lake is a place that needs to be experienced. Spend a day at Bear Lake.
Curb Appeal...
Price's Guaranteed Doors

How to have the best of both worlds for your house | Home security and curb appeal

Protect your home and improve its curb appeal with the latest security solutions like beautiful garage doors and increased security systems.
Prescription opioids can be disposed of during National Prescription Take Back Day...
Know Your Script

Prescription opioid misuse | How to protect your family from the opioid epidemic

Studies have shown that prescription opioid misuse has increased since COVID-19. So what do you need to know about these opioids?
Follow @ikeyospe...

Tax Tuesday: The Most Common Mistakes People Make When Filing Their Taxes

Fortunately, for most average earners, they will not end up owing overpayments received for the Child Tax Credit in 2021.
Follow @ikeyospe...

Tax Tuesday: How will last year’s child tax credits affect you?

Fortunately, for most average earners, they will not end up owing overpayments received for the Child Tax Credit in 2021.
Disney Plus blames past hacks for user accounts sold online