Within hours of the service's launch, thousands of stolen credentials were online.
Steal the Show
On November 12, Disney launched its new streaming service, Disney+, and within 24 hours, more than 10 million people had purchased accounts for $7 per month.
But a significant number of those legitimate account holders didn't have access to all their favorite Disney content for long. A ZDNet investigation found that, within hours of the launch, hackers were already selling thousands of stolen account credentials online — a galling sign of the speed and ubiquity of petty cybercrime.
ZDNet noticed a significant number of users complaining about their hacked Disney+ accounts on social media.
Many reported that hackers had logged them out of the service on all of their devices and changed the email address and password associated with the account so that the owner couldn't regain access.
As for where those hacked accounts turned up, ZDNet found ads boasting "access to thousands of [Disney+] account credentials" on hacking forums.
Some of the sellers were offering to credentials for as little as $3, while others were literally giving the account details away.
Puzzlingly, a few of the accounts ZDNet saw for sale were priced upwards of $11, which is more than the monthly cost of a legitimate account — meaning they'd only be cheaper than buying access through Disney if the account holder didn't notice the theft for at least a month.
READ MORE: Thousands of hacked Disney+ accounts are already for sale on hacking forums [ZDNet]
More on Disney: This Genius Used Deepfakes to "Fix" the New "The Lion King"