• Disney+ subscribers hacked within hours and credentials sold online
  • Users took to Twitter to complain of disable accounts and poor customer service
  • Disney+ does not offer two-factor authentication

Disney+ (Ivan Marc)

Disney+: Subscribers hacked within hours 

Source: Ivan Marc / Shutterstock

Hackers have stolen thousands of Disney+ subscribers accounts to sell on the dark web, according to reports, with users remaining without answers.

Disney launched its new streaming service last week but within hours hackers took to stealing users account details, pricing information between $3 and $11, according to an investigation by ZDNet.

The service which gained 10 million customer sign-ups in its first 24 hours, also went live with a slate of technical glitches, IBC365 reported.

Users took to social media to complain of technical problems with many reporting they were unable to stream TV programmes or films, while others reported losing access to their accounts.

Complaints included hackers changing user emails and passwords, and those who complained being left on hold for hours by the customer support team at Disney.

Disney has not issued a formal statement, however, ZDNet’s investigation found “hacking forums have been flooded with Disney+ accounts.”

It also found, various hacking forums with several lists of Disney+ account credentials being offered for free, to be shared and used by the hacker community.

CyberInt lead research Jason Hill told the BBC it appeared that many passwords and emails were stolen because subscribers were using the same passwords for different sites.

He said hackers can lift someone’s password from a different site which has previously been hacked and then try it on a new site, like Disney+, and if it works, they are able to successfully steal the account.

The streaming service does not have two-factor authentication.

The company acknowledged the technical issues in a tweet on 12 November when the service went live in the US and Canada, joining the Netherlands.