Disney Plus blames past hacks for user accounts sold online

Nov 20, 2019, 3:51 PM | Updated: 4:04 pm
FILE - Wednesday, Nov. 13, 2019 file photo, a Disney logo forms part of a menu for the Disney Plus ...
FILE - Wednesday, Nov. 13, 2019 file photo, a Disney logo forms part of a menu for the Disney Plus movie and entertainment streaming service. Disney Plus says it doesn’t have a security breach, but some users of the new streaming service have been shut out after hackers tried to break into their accounts. (AP Photo/Steven Senne, File)
(AP Photo/Steven Senne, File)

Disney said Disney Plus account passwords being sold in underground hacking forums are coming from previous breaches at other companies, predating last week’s launch of its streaming service.

The company reiterated Wednesday that it found no evidence of a security breach, and that account problems are limited to “a very small percentage of users” of Disney Plus.

Disney and other traditional media companies are trying to capture the subscription revenue now going to Netflix and other streaming giants. Helped by promotions, including a free year for some Verizon customers, Disney Plus attracted 10 million subscribers on its first day.

The news site ZDNet found stolen account usernames and passwords selling for $3 on underground hacking forums. Disney’s streaming service costs $7 a month or $70 a year.

Despite warnings by security experts, users often reuse passwords at multiple services, meaning a breach at one opens the door for a hacker to gain access to the others.

Users can easily avoid this by using strong passwords that are unique for each service, said Troy Hunt, an Australian security researcher whose “Have I Been Pwned?” website alerts people when their identity information is stolen.

But Hunt said Disney should implement better security measures.

“The Disney situation appears to be yet another credential stuffing attack where hackers exploit a combination of customers reusing passwords and the service provider not providing sufficient defenses to stop it,” Hunt said in an email.

Paul Rohmeyer, a professor at the Stevens Institute of Technology in Hoboken, New Jersey, said he’s surprised that streaming services haven’t yet implemented better security such as multi-factor authentication.

With multi-factor authentication, users must enter a code sent as a text message or email when logging in from a new device.

The code helps ensure that people using stolen passwords or guessing them can’t use a service without also having access to the legitimate user’s phone or email account.

Rohmeyer said services may be hesitant to implement tougher security because they don’t want to be seen as more inconvenient than competitors.

Multi-factor authentication is an option for many non-streaming services, including Google, Facebook and Apple, but the extra security must be turned on. Disney Plus does require codes sent by email when changing account passwords, but it doesn’t use them for logging in from new devices.

Multi-factor authentication is harder to implement for services that are shared in households, as multiple users would need access to the same phone or email account. While Disney Plus, Netflix and Hulu let family members create their own profiles, with separate watch lists and preferences, they all share the same username and password. Apple TV Plus gets around this by having each family member sign in with a separate Apple ID.

Today’s Top Stories

crowded zion national park...
Mark Jones

Seasonal shuttle service, camping availability announced at Zion

Fall shuttle service into Zion National Park ended Sunday. It will resume for 10 days beginning on Dec. 23 and running through Jan. 1, 2023.
1 day ago
Groundbreaking dates for four temples in Latin America have been announced this week by the First P...
Mark Jones

Church announces locations for six previously announced temples

Locations for six previously announced temples were announced Monday by the First Presidency of The Church of Jesus Christ of Latter-day Saints.
1 day ago
vail resorts...
Elizabeth Weiler

Vail Resorts facing million dollar lawsuit after a Utah bowling alley incident

PARK CITY, Utah — After a bowling incident during a company party, a jury is ordering Vail Resorts’ Mountain activities to pay over $2 million for a personal injury that caused extensive surgeries.  In April, according to a case overview, Jupiter Bowl hosted a team party for Vail employees. During the party, Vail Resorts’ employees […]
1 day ago
Utah Naloxone...
Devin Oldroyd

Utah Naloxone and law enforcement reach milestone in preventing overdose deaths

Utah Naloxone reports over 600 lives in Utah have been saved thanks to law enforcement's use of naloxone (Narcan®).
1 day ago
Photo of a Utah highway petrol vehicle...
Mark Jones

More than 1,500 motorists stopped for speeding over Thanksgiving weekend

The Utah Highway Patrol says more than 1,500 motorists were pulled over for speeding during the Thanksgiving weekend.
1 day ago
Primary Children's Medical Center has canceled some scheduled surgeries and other procedures this w...
Simone Seikaly

Citing rising RSV cases, Primary Children’s delaying some surgeries

Primary Children's is delaying pre-scheduled and non-emergency procedures that would require an inpatient stay.
1 day ago

Sponsored Articles

Happy joyful smiling casual satisfied woman learning and communicates in sign language online using...
Sorenson

The best tools for Deaf and hard-of-hearing workplace success

Here are some of the best resources to make your workplace work better for Deaf and hard-of-hearing employees.
Team supporters celebrating at a tailgate party...
Macey's

8 Delicious Tailgate Foods That Require Zero Prep Work

In a hurry? These 8 tailgate foods take zero prep work, so you can fuel up and get back to what matters most: getting hyped for your favorite
christmas decorations candles in glass jars with fir on a old wooden table...
Western Nut Company

12 Mason Jar Gift Ideas for the 12 Days of Christmas [with recipes!]

There are so many clever mason jar gift ideas to give something thoughtful to your neighbors or friends. Read our 12 ideas to make your own!
wide shot of Bear Lake with a person on a stand up paddle board...

Pack your bags! Extended stays at Bear Lake await you

Work from here! Read our tips to prepare for your extended stay, whether at Bear Lake or somewhere else nearby.
young boy with hearing aid...
Sorenson

Accommodations for students who are deaf and hard of hearing

These different types of accommodations for students who are deaf and hard of hearing can help them succeed in school.
Young woman receiving laser treatment...
Form Derm Spa

How facial plastic surgery and skincare are joining forces

Facial plastic surgery is not only about looking good but about feeling good too. The medical team at Form Spa are trained to help you reach your aesthetic outcomes through surgery and through skincare and dermatology, too.
Disney Plus blames past hacks for user accounts sold online