TNW Conference 2022 will be bigger, bolder, and better! Get your tickets now >>

The heart of tech

This article was published on November 19, 2019

Disney+ accounts are being stolen and sold online

Disney+ accounts are being stolen and sold online
Rachel Kaser
Story by

Rachel Kaser

Internet Culture Writer

Rachel is a writer and former game critic from Central Texas. She enjoys gaming, writing mystery stories, streaming on Twitch, and horseback Rachel is a writer and former game critic from Central Texas. She enjoys gaming, writing mystery stories, streaming on Twitch, and horseback riding. Check her Twitter for curmudgeonly criticisms.

Scarcely a week after the service debuted, Disney+ accounts area already being hacked en masse. Users report their accounts being hacked within hours of creation, and now those same accounts are being sold online.

The reported account theft goes about how you’d expect: the malicious party logs into the account and changes the email address and password, effectively nabbing the account for themselves. ZDNet conducted a dark web investigation and found hundreds of accounts for sale, some for as little as $3. Depending where you looked, you might find some given away for free. The BBC later corroborated those findings with their own. The average going price for a Disney+ account appears to be slightly less than a subscription fee.

Disney+ hasn’t had the most stable launch — highly disappointing, considering the money and time Disney’s obviously invested in it. The app was plagued by technical difficulties, often refusing to work entirely on some devices. For many, the lack of customer service support compounded the issue — many users report being hung up on or left on perpetual hold. It’s not as though the platform’s success should come as a surprise, given that it already has over 10 million subscribers a week after launch.

A Disney spokesperson told the BBC that the fault was not on its end: “Disney takes the privacy and security of our users’ data very seriously and there is no indication of a security breach on Disney+.” It’s possible this is all down to bad security practices on the part of the individual users. But still, the platform doesn’t much help matters by not having something like two-factor authentication — and you can’t remove devices from the account. So if someone steals your account and logs it into enough devices that you hit the limit, then you’re out of luck.

So to anyone who’s feeling a little paranoid about the security of their account, the best advice we can offer at the moment is to change your password into something you’re not using elsewhere — just to be safe.

Also tagged with