Gateway – Gizmodo

/in


Disney+ had a rocky launch last week, with technical issues and customer service complaints galore. Now, it looks as though Disney+ has a hacking problem as well.

An investigation by ZDNet found that hacked usernames and passwords for Disney+ accounts are being offered up for sale on dark web marketplaces, and users on social media reported getting locked out of their accounts immediately after the service launched November 12. Two individuals who spoke with ZDNet reported that they reused passwords associated with other accounts. If those other accounts have been compromised in the past, the Disney+ hackers could have gained access by trying those resued passwords. But other users claimed their passwords were unique to the account, which could mean a number of other factors were at play.

David O’Brien, a senior researcher and assistant research director for privacy and security at Harvard University’s Berkman Klein Center for Internet & Society, told Gizmodo by phone that the easiest answer is the reused passwords problem.

“People very commonly reuse passwords between sites because it’s convenient,” O’Brien said. “The reason there is, of course, it’s hard to memorize long passwords to begin with, and it’s hard to memorize a long list of long passwords. So people often take the shortcut of just using the same password between sites and they might not know when it’s been compromised or not.”

As ZDNet noted, it’s possible that the credentials were swiped with malware. It’s also possible the stolen passwords were unique but similar to previously compromised passwords, or simply common and easy to guess, such as “123456,” “abc123,” or “princess.” For its part, Disney told Gizmodo that there’s been no sign of a security breach that would put user credentials at risk.

“Disney takes the privacy and security of our users’ data very seriously and there is no indication of a security breach on Disney+,” the company said in a statement. The company advised users who believe their accounts have been compromised to contact its customer service, though wait times are still excessive more than a week out from its launch. When Gizmodo attempted to call…

Source…