Thursday, January 21, 2021

Disney dealing with password theft

Nov 20. 2019
Facebook Twitter

By Syndication Washington Post,Bloomberg · Christopher Palmeri, Kiley Roache

Some customers who signed up for the new Disney Plus streaming service have seen their usernames and passwords sold online to third parties and have been locked out of their newly opened accounts.

Disney said that its system hasn't been hacked and that it's working to quickly address the issue. It's possible that hackers obtained the names and passwords from data breaches at other companies.

"Disney takes the privacy and security of our users' data very seriously, and there is no indication of a security breach on Disney+," the company said in a statement.

Disney Plus is the company's effort to built a direct connection to consumers, as many people shift to watching movies and shows on demand rather than on cable and satellite TV. The $7-a-month service launched last week and quickly signed up more than 10 million customers, a number far exceeding predictions.

Still, the debut was marred by many complaints from customers who couldn't log on or had trouble watching programs. But the number of gripes collected by the website Downdetector has dropped sharply over the past week and now amounts to just a few dozen.

While Disney has long collected customers' names and passwords for its theme parks and online games, the expansion into online video on a global basis brings the potential for more data breaches.

ZDNet reported over the weekend that users' accounts were being put up for sale on hacking forums within hours of the service's launch at prices of $3 to $11 each. Some customers reported that they had used old passwords, but others said they hadn't, according to the website.

While there may be few thousand compromised Disney accounts, that's small compared with the hundreds of thousands of usernames and passwords on the black market hijacked from platforms such as Hulu, Netflix and HBO, said Andrei Barysevich, chief executive officer and co-founder of the security firm Gemini Advisory.

Reusing names and password combinations from previous attacks at other sites can be a "very effective method" for hackers, he said.

"This is one of the biggest problems, not just streaming services, but pretty much every e-commerce business has been battling for the last couple of years, because there's an abundance of compromised emails and passwords on the dark web," Barysevich said.

At Code Media, a conference for media executives in Los Angeles this week, operators of rival services praised the Disney Plus launch. David Nevins, chief creative officer at CBS, called the sign-ups "impressive," while AT&T President John Stankey said that while Disney Plus "was off to a good start," keeping customers happy and subscribed will be an ongoing issue.

"How many of the 10 million customers are there six months from now?" Stankey asked. "It's managing churn."


Facebook Twitter
More in News
Editor’s Picks
Top News