Disney+ accounts hacked — How to protect yourself

Remesh Ramachandran
3 min read · Nov 22, 2019

The Disney+ streaming service launched last week and, to the surprise of many, ran into technical issues. In addition, within hours of the service going online, many users reported that their accounts had been hacked. The hacked accounts were then put up for sale on the dark web for prices ranging from US$3-11, or even offered for free. This kind of account-hijacking spree is not new; the same has happened to other popular streaming services.

There are some easy measures you can take to reduce the risk of such incidents in the future. The ones below apply to the majority of widely used streaming services.

Use strong passwords: This measure might sound basic, but a strong and unique password or passphrase can make a great difference. The most important thing is that you should never use the same password, or any variation of the same password or passphrase, across different services.
Reusing a variation of the same password makes it easier for a hacker to guess it. Make it a practice to use a good password manager to generate and store your passwords, so that you only have to remember one master password.

Another precaution is to use a service like Have I Been Pwned to check whether any of your credentials have been compromised in a past data breach. There is also an option to sign up for notifications in case your login details appear in future breaches. Both Chrome and Firefox have their own versions of password checkups.

An effective way to strengthen the security of an account is to use two-factor authentication (2FA). Unfortunately, many streaming services do not offer this option at present.

One of the main techniques attackers use to hijack accounts is social engineering: impersonating official channels of communication to deceive you into providing your personal data. A lot of people receive such phishing emails daily.

Although email service providers have boosted their security measures and catch many attempts before they reach their targets, some still slip through. In such situations, the user must act accordingly and check the mail carefully for subtle errors such as grammar mistakes.

Always make sure that you do not open any attachment or click on any link unless you are 100% sure that the message is authentic. Contact the sender if possible, just to make sure that they sent it.

Having healthy cyber security habits, taking a common-sense approach and using a reputable security solution will generally go a long way towards keeping you safe in the digital realm. In the words of Benjamin Franklin, “An ounce of prevention is worth a pound of cure” — and that applies a thousand-fold for cyber security.

How to prevent your Disney+ password from being stolen

  • Do not respond to any suspicious email regarding your Disney+ account, and in general, don’t share login info over email.
  • Make sure you have different passwords across your various streaming service subscriptions.
  • Don’t use passwords rated with “weak” or “poor” security strength.
    Consider changing your password periodically.
  • If you suspect that your account has been compromised, there are a few steps you can take.

What to do if your Disney+ password has been stolen

  • Click “Edit Profiles” to see if additional profiles have been added to your account.
  • If you click on the pencil icon below the avatar, you can delete any additional accounts. Note that the owner’s original account cannot be deleted, so you don’t have to worry about deleting that account by accident.
  • If you are locked out of your account or have other issues, contact Disney+ customer support via phone, live chat, or social media through their help center.

It Is Time to Outsource Your Passwords to an App: Your brain has better things to do than store secure passwords. Get a dedicated password manager to keep your login data synced and secure across all devices.

Remesh Ramachandran

Security Researcher & Consultant for the Government, Enthusiast, Malware Analyst, Penetration Tester. He has been a successful participant in various bug bounty