Disney announced Tuesday that its new streaming service
The News Page ZDNet Underground hacking forums found stolen usernames and passwords for $ 3. Disney's streaming service Disney + costs $ 7 per month or $ 70 per year. According to a person who is familiar with the leak, "tens of thousands" of users were affected.
Disney + comes as Disney and other traditional media companies try to keep customers away from Netflix and other streaming providers. Disney hopes to attract millions of subscribers with its mix of Marvel and Star Wars movies and shows, classic animated films and new series.
Using promotions, including one free year for some Verizon customers, Disney + attracted 10 million subscribers to. The popularity led to in the opening hours, but these problems were mostly solved.
Disney says there is no indication of a security breach that compromises passwords. The privacy and security of user data are taken seriously. Disney + did not specify how many subscribers had security issues.
It is likely that hackers used malware or keylogger software to record keystrokes to access weak passwords. It also appears that some e-mail and password combinations were reused by Disney + subscribers after they were previously stolen by other online services.
Paul Rohmeyer, a professor at the Stevens Institute of Technology in Hoboken, NJ, said he was surprised that streaming services did not yet implement better security such as multi-factor services authentication requiring users to enter a code, sent as a text message or e-mail when logging in from a new device. The code ensures that people using or guessing stolen passwords can not use a service without having access to the legitimate user's phone or email account. This is considered more inconvenient than the competition.
Multi-factor authentication is an option for many non-streaming services, including Google, Facebook and Apple. However, additional security must be enabled. Disney + requires codes that are sent by email when account passwords are changed. However, they are not used to log in new devices.
Dan Patterson, senior producer of CNET, has contributed to this report.