Disney denies stolen account sales are its fault

Disney has denied any form of security breach of its Disney+ servers.

A recent report found that thousands of accounts to the new service were being sold on the dark web mere hours after the week-old streamer launched. Many users saw their account email and password changed by hackers, which in effect locked them out of their accounts. 

Now, in comments made to Variety, the mouse house has rejected the idea that there was any lapse in judgment on its part.

A spokesperson said: “We have found no evidence of a security breach. We continuously audit our security systems and when we find an attempted suspicious login we proactively lock the associated user account and direct the user to select a new password.”

The company suggested that rather than their servers being hacked, the finger should be pointed to data leaks at other sites and users re-using their old passwords, with the spokesperson saying: “Billions of usernames and passwords leaked from previous breaches at other companies, pre-dating the launch of Disney+, are being sold on the web.”

One solution that has been pointed out by some is two-factor authentication which, while still being vulnerable to attack, is much more secure than the traditional practice of just emails and passwords.

Disney does not dispute that account information is being illicitly exchanged online, but that this is limited to “a very small percentage of users”. The company has encouraged any affected users to “reach out to our customer support so we can help them.”

While the company has directed users to customer support channels, many users have also complained that it has been near-impossible to get through on the phone. 

Some users who have struggled to access the service, activate the US$12.99 bundle of Hulu, Disney+ and ESPN+, or simply cancel their account have taken to Twitter in order to complain about wait times of multiple hours to speak to someone.

The company did acknowledge this earlier in the week, with the official Twitter account saying it was “receiving a high volume of customer cases.”

Read Next