Thousands of hacked Disney+ accounts ‘being sold on the dark web’

Disney+ original The Mandalorian

Disney+ has already suffered its first major privacy blow, with hacked accounts already for sale on hacking forums.

According to an investigation from ZDNet, thousands of stolen accounts were being sold for between US$3-11 or even offered for free. 

While a large number of users complained about the service’s initial technical issues, the report identifies a smaller number of users who reported that they had lost access to their accounts. 

These users saw their account email and password changed by hackers, which in effect locked them out of their accounts. One Twitter user cited by the report said that their friend was a victim and that they had been blocked from their 3-year prepaid account. Disney had offered the lengthy membership at a discount as an exclusive perk for its D23 fan club members. 

Two users who spoke to the reporter admitted to reusing passwords, suggesting that hackers used previously leaked email and password combinations to access the account. Others however said they had not, which would indicate that their computers were infected with keylogging or other forms of malware.

Hackers selling accounts on the dark web is no new phenomenon, but how quickly after launch they were made available will prove especially concerning for Disney. The report includes screenshots from a variety of illegitimate online marketplaces taken only hours after the service’s launch. 

Disney did not respond to ZDNet’s request for comment. 

It has also been reported that the phrase “how to unsubscribe from Disney+” had been trending on Google, but this is largely because it is one week after the service’s launch – and it came with a one week free trial. 

In its first 24 hours, the service attracted 10 million signups and over 3 million app downloads in the US, Canada and the Netherlands.

Read Next