Less than a week after the launch of Disney Plus, a report has claimed that thousands of users’ account login details have been listed on hacking forums, where they’re available for purchase from as little as $3.
According to ZDNet, Disney Plus users’ accounts started going up for sale “within hours after the service’s launch”, with prices ranging from $3 to $11. Presumably, prices are dictated by the length of the subscription associated with the stolen account.
Related: Best VPN
The publication also reports that, after hijacking an account, some criminals have been locking out the real owner by changing the login details.
Disney is yet to publicly acknowledge the problem, but we’ll update this article when the company issues an official statement.
Some victims have told ZDNet that they’ve re-used passwords, which means it’s possible that criminals gained access to their Disney Plus account by trawling through data dumps from past hacks.
The best way to find out if your login details have been leaked as part of a previous security breach is by using the Have I Been Pwned tool. To check if you’ve been breached, just enter your email address in the dialogue box.
However, other victims have said that they used a unique password for their Disney Plus account − which would mean that their account details were seized via another means. It’s something that potentially raises questions about Disney’s own security practices.
Crucially, Disney Plus does not offer two-factor authentication, which could have provided an extra layer of protection for users of the streaming service.
Related: Best VPNs for security and privacy
Disney Plus launched less than a week ago, but it’s currently only available in the US, Canada and Netherlands. However, more than 10 million people signed up on opening day, and the platform is due to launch in Australia and New Zealand on November 19 (this Tuesday).