Disney’s hotly-anticipated streaming service Disney+ finally launched this week. Despite being open to the public for just a few days, hackers have already hijacked thousands of accounts and put them up for sale on the Dark Web.
Reporting for ZDNet, Catalin Cimpanu discovered several listings for Disney+ accounts on different underground hacking forums. The going rate for a hacked account appears to be somewhere between $3 and $5.
That’s three to four times more than the asking price for a hacked Netflix account. Logical enough, given the excitement around the Disney+ launch.
So how is it possible that these accounts – many of which are just a few days old – have already been taken over by hackers? I haven’t seen any reports confirming the root cause, but it seems likely that bad habits are to blame.
One bad habit in particular: password re-use.
You should never, ever use the same password for multiple websites or online services. Security professionals have been repeating this refrain for years.
Their warnings often fall on deaf ears, unfortunately. To users creating yet another account, it can feel like too much trouble to come up with a unique password to protect it.
When you’re creating a new account – whether for a hot new service like Disney+ or any other – remind yourself that hackers are always lurking in the shadows and ready to attack.
They’re armed with billions of email addresses (likely including yours) and billions of previously-used passwords. Using automated brute-forcing tools, they can quickly break into accounts en masse.
Recovering a compromised account can be tricky, too. Once hackers have gained access, they tend to move quickly. They revoke access to authorized devices and then change passwords to prevent users from logging back in. They’ll change the email address associated with an account, too, which stops users from using automated password reset tools to regain access.
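The lockout sequence described above is also something a service can watch for. The following is an added example, not part of the original article: a detection rule over a constructed account audit log, where the event names, the log format and the 15-minute window are all assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample audit log: timestamp, account, event, detail.
# Event names are hypothetical, not any real service's schema.
SAMPLE_LOG = """\
2019-11-14T09:00:02 alice login device=new
2019-11-14T09:01:10 alice device_revoked device=tv-livingroom
2019-11-14T09:01:15 alice device_revoked device=phone
2019-11-14T09:02:40 alice password_changed -
2019-11-14T09:03:05 alice email_changed -
2019-11-14T10:00:00 bob login device=known
2019-11-14T10:05:00 bob password_changed -
2019-11-14T11:00:00 carol login device=new
2019-11-14T18:30:00 carol email_changed -
"""

WINDOW = timedelta(minutes=15)  # assumed: takeovers move quickly after login
LOCKOUT_STEPS = {"device_revoked", "password_changed", "email_changed"}


def parse(log):
    """Yield (timestamp, account, event, detail) for each log line."""
    for line in log.splitlines():
        ts, account, event, detail = line.split(maxsplit=3)
        yield datetime.fromisoformat(ts), account, event, detail


def find_takeovers(log, window=WINDOW, min_steps=2):
    """Return {account: sorted lockout steps} for accounts where a login from
    a new device is followed within `window` by >= min_steps distinct steps."""
    start = {}  # account -> time of the most recent new-device login
    seen = {}   # account -> distinct lockout steps seen after that login
    for ts, account, event, detail in sorted(parse(log)):
        if event == "login":
            if detail == "device=new":
                start[account], seen[account] = ts, set()
            else:
                start.pop(account, None)  # known device: stop tracking
        elif event in LOCKOUT_STEPS and account in start:
            if ts - start[account] <= window:
                seen[account].add(event)
    return {a: sorted(s) for a, s in seen.items() if len(s) >= min_steps}


if __name__ == "__main__":
    for account, steps in find_takeovers(SAMPLE_LOG).items():
        print(f"possible takeover of {account}: {', '.join(steps)}")
```

An alert like this is most useful when it triggers a hold on the email change and a notice to the original address, since that change is what blocks the automated password reset.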
If you’re getting ready to sign up for Disney+ – or any other service, for that matter – get yourself a password manager first. Use it to create a unique password and let it remember that password for you.
Otherwise, you may find yourself fighting to regain access to your account before you even have a chance to enjoy what you’ve signed up for.