Disney+ login details appear on dark web as experts warn about dangers of free streams and torrents

Some account details of new streaming site were shared for free

Anthony Cuthbertson
Tuesday 19 November 2019 13:39 GMT
Comments
(Disney)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

Thousands of login details for Disney+ accounts have appeared on the dark web, prompting fears that customers of the new streaming service have been hacked.

Account credentials were listed across various online black markets, with some users claiming to be unable to log in after their email address and password were changed.

More than 10 million people have already subscribed to Disney+ since it launched last week, despite technical issues preventing some users from accessing the platform.

Disney claims that its security systems have not been compromised, saying in a statement that it “takes the privacy and security of our users’ data very seriously and there is no indication of a security breach on Disney+”.

Some cyber security experts speculated that login credentials may have been acquired through previous hacks, as many people use the same email and password combination for multiple online accounts.

“The Disney+ hack is a classic example of credential stuffing – hackers using password and email combinations, stuffing them into the sign-in page and seeing what results they get,” Andrew Martin, CEO of cyber security firm DynaRisk, told The Independent.

“It is likely that some users may have used the same email and password for multiple sites, including Disney+, and their credentials could have been stolen during previous security breaches at other companies.

Disney+ logins on the dark web were first discovered by ZDNet, who reported seeing them for sale at prices between $3 and $11.

Listings seen by DynaRisk revealed that some login credentials were being shared for free.

Free Disney+ login details listed on the dark web
Free Disney+ login details listed on the dark web (Screenshot/ DynaRisk)

Mr Martin said it once again highlighted the importance of using unique passwords for all online accounts, as well as extra security measures like two-factor authentication when possible.

Other experts also warned of a recent spike in illegal streaming links being shared online that claim to offer free ways to watch Disney+ content.

Many of these links may lead to scam sites designed to steal private data or spread dangerous malware.

“Bogus streaming links offering the latest shows but actually giving nothing but fake surveys and downloads spike whenever a new show launches, but an entire channel was always going to increase the target area,” said Chris Boyd, lead malware analyst at MalwareBytes.

The fact that Disney chose to make the service available in only some countries could have led more users to search out such dangerous sites, he warned.

“Staggering rollout will only make the problem worse, and the various technical hitches suffered during the Disney+ rollout has meant a strong interest in torrents, even in areas the service is available," he said.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in